netfilter: ip6t_eui64: reject invalid MAC header for all packets
`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address
and compares it with the low 64 bits of the IPv6 source address.
The existing guard only rejects an invalid MAC header when
`par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()`
can still reach `eth_hdr(skb)` even when the MAC header is not valid.
Fix this by removing the `par->fragoff != 0` condition so that packets
with an invalid MAC header are rejected before accessing `eth_hdr(skb)`.
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-4664-1 | linux security update |
Debian DLA |
DLA-4665-1 | linux security update |
Debian DLA |
DLA-4671-1 | linux-6.1 security update |
Debian DSA |
DSA-6238-1 | linux security update |
Ubuntu USN |
USN-8490-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8491-1 | Linux kernel (OEM) vulnerabilities |
Ubuntu USN |
USN-8492-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8493-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8492-2 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8493-2 | Linux kernel (Oracle) vulnerabilities |
Ubuntu USN |
USN-8497-1 | Linux kernel (Low Latency) vulnerabilities |
Ubuntu USN |
USN-8498-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
Ubuntu USN |
USN-8499-1 | Linux kernel (Xilinx) vulnerabilities |
Ubuntu USN |
USN-8508-1 | Linux kernel (NVIDIA) vulnerabilities |
Ubuntu USN |
USN-8492-3 | Linux kernel (Raspberry Pi Real-time) vulnerabilities |
Ubuntu USN |
USN-8490-2 | Linux kernel (Real-time) vulnerabilities |
Ubuntu USN |
USN-8492-4 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8492-5 | Linux kernel (FIPS) vulnerabilities |
Ubuntu USN |
USN-8527-1 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8528-1 | Linux kernel (Xilinx ZynqMP) vulnerabilities |
Ubuntu USN |
USN-8529-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8530-1 | Linux kernel (AWS) vulnerabilities |
Ubuntu USN |
USN-8545-1 | Linux kernel (HWE) vulnerabilities |
Ubuntu USN |
USN-8546-1 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8547-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8548-1 | Linux kernel vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 01 Jun 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 06 May 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |
Mon, 27 Apr 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 27 Apr 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 27 Apr 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1287 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Sat, 25 Apr 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects an invalid MAC header when `par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()` can still reach `eth_hdr(skb)` even when the MAC header is not valid. Fix this by removing the `par->fragoff != 0` condition so that packets with an invalid MAC header are rejected before accessing `eth_hdr(skb)`. | |
| Title | netfilter: ip6t_eui64: reject invalid MAC header for all packets | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-06-01T16:13:27.308Z
Reserved: 2026-03-09T15:48:24.131Z
Link: CVE-2026-31685
No data.
Status : Modified
Published: 2026-04-25T09:16:02.273
Modified: 2026-06-17T10:34:14.193
Link: CVE-2026-31685
OpenCVE Enrichment
Updated: 2026-05-06T22:45:13Z
Debian DLA
Debian DSA
Ubuntu USN