PT-2026-26114 · Linux+2 · Linux Kernel+2

Published: 2026-01-01 · Updated: 2026-05-22 · CVE-2026-23254

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's UDP GRO (Generic Receive Offload) complete stage. The UDP GRO complete stage incorrectly assumes that the encapsulation flag is zeroed for all packets inserted during RX (receive) processing. This assumption is invalid because certain hardware Network Interface Cards (NICs) can set this flag when offloading UDP checksum calculations for encapsulated traffic. Additionally, the issue can be triggered by the tun driver injecting GSO (Generic Segmentation Offload) packets with UDP encapsulation or through a veth-based setup. Consequently, the udp4_gro_complete() function uses an incorrect network offset (the inner offset instead of the outer offset) when calculating the outer UDP header pseudo checksum. This leads to checksum validation errors during subsequent packet processing. The issue is addressed by always clearing the encapsulation flag at GRO completion, with the flag being reset as needed for encapsulated packets by udp_gro_complete().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2026-04162
CVE-2026-23254
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
USN-8278-1
USN-8289-1
USN-8296-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu