PT-2026-51964 · Linux · Linux
Publicado
2026-06-24
·
Atualizado
2026-06-24
·
CVE-2026-53070
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
In the Linux kernel, the following vulnerability has been resolved:
sctp: disable BH before calling udp tunnel xmit skb()
udp tunnel xmit skb() / udp tunnel6 xmit skb() are expected to run with
BH disabled. After commit 6f1a9140ecda ("add xmit recursion limit to
tunnel xmit functions"), on the path:
udp(6) tunnel xmit skb() -> ip(6)tunnel xmit()
dev xmit recursion inc()/dec() must stay balanced on the same CPU.
Without local bh disable(), the context may move between CPUs, which can
break the inc/dec pairing. This may lead to incorrect recursion level
detection and cause packets to be dropped in ip(6) tunnel xmit() or
dev queue xmit().
Fix it by disabling BH around both IPv4 and IPv6 SCTP UDP xmit paths.
In my testing, after enabling the SCTP over UDP:
ip net exec ha sysctl -w net.sctp.udp port=9899
ip net exec ha sysctl -w net.sctp.encap port=9899
ip net exec hb sysctl -w net.sctp.udp port=9899
ip net exec hb sysctl -w net.sctp.encap port=9899
ip net exec ha iperf3 -s
- without this patch:
ip net exec hb iperf3 -c 192.168.0.1 --sctp
[ 5] 0.00-10.00 sec 37.2 MBytes 31.2 Mbits/sec sender
[ 5] 0.00-10.00 sec 37.1 MBytes 31.1 Mbits/sec receiver
- with this patch:
ip net exec hb iperf3 -c 192.168.0.1 --sctp
[ 5] 0.00-10.00 sec 3.14 GBytes 2.69 Gbits/sec sender
[ 5] 0.00-10.00 sec 3.14 GBytes 2.69 Gbits/sec receiver
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Linux