PT-2026-36474 · Linux · Linux Kernel

Published 2026-05-01 · Updated 2026-05-02 · CVE-2026-43057

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the network subsystem regarding the handling of tunneled traffic during IPV6_CSUM GSO fallback. The NETIF_F_IPV6_CSUM flag only supports checksum offload for packets without IPv6 extension headers, requiring packets with such headers to use software checksumming. Because TSO (TCP Segmentation Offload) depends on checksum offload, these packets must revert to GSO (Generic Segmentation Offload). The current implementation incorrectly checks only the network header length; however, for tunneled packets, the inner header length must be verified. Additionally, tunneled packets lacking an inner IP protocol, such as RFC 6951 SCTP in UDP, do not follow the standard IPv6 transport header structure and must also revert to the software GSO path.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-43057
ECHO-38C1-0E09-2F89

Affected Products

Linux Kernel