CVE-2026-53131

In the Linux kernel, the following vulnerability has been resolved:

netfilter: require Ethernet MAC header before using eth hdr()

ip6t eui64, xt mac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nf log syslog access eth hdr(skb) after either assuming that the skb is associated with an Ethernet device or checking only that the ETH HLEN bytes at skb mac header(skb) lie between skb->head and skb->data.

Make these paths first verify that the skb is associated with an Ethernet device, that the MAC header was set, and that it spans at least a full Ethernet header before accessing eth hdr(skb).