CVE-2026-53221
Description
In the Linux kernel, the following vulnerability has been resolved:
ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
In vti6_tnl_lookup(), when an exact match for a tunnel fails,
the code falls back to searching for wildcard tunnels:
- Tunnels matching the packet's local address, with any remote address
wildcard remote).
- Tunnels matching the packet's remote address, with any local address
(wildcard local).
However, vti6 stores all these different types of tunnels in the same
hash table (ip6n->tnls_r_l) prone to hash collisions.
The bug is that the fallback search loops in vti6_tnl_lookup() were
missing checks to ensure that the candidate tunnel actually has
a wildcard address.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Linux | Linux | — | fbe68ee87522f6eaa10f9076c0a7117e1613f2f7 < c327fa4fca31415431202e063767a7ae342e19c6, fbe68ee87522f6eaa10f9076c0a7117e1613f2f7 < fc657ac0767c49839b3ef0b08dc0953ca30883f8, fbe68ee87522f6eaa10f9076c0a7117e1613f2f7 < 47fb3c2b4203556308e64354b3e78f2ce221d646, fbe68ee87522f6eaa10f9076c0a7117e1613f2f7 < f513f308cc4bdb4530d033431592ffbc29b7fca1 … |
| Linux | Linux | — | 3.19, 0 < 3.19, 5.10.259 ≤ 5.10.*, 5.15.210 ≤ 5.15.* … |
References (8)
- https://git.kernel.org/stable/c/c327fa4fca31415431202e063767a7ae342e19c6
- https://git.kernel.org/stable/c/fc657ac0767c49839b3ef0b08dc0953ca30883f8
- https://git.kernel.org/stable/c/47fb3c2b4203556308e64354b3e78f2ce221d646
- https://git.kernel.org/stable/c/f513f308cc4bdb4530d033431592ffbc29b7fca1
- https://git.kernel.org/stable/c/90fd4513315ca07da99cfd8549d3e553a7160f0d
- https://git.kernel.org/stable/c/2abfb19bbb81958714ad1d43ebeb65b30394184b
- https://git.kernel.org/stable/c/2fc7bc087cc7085368263d9d37bfe9a0bddd6a2d
- https://git.kernel.org/stable/c/a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9