CVE-2026-53074

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject short IPv4/IPv6 inputs in bpf prog test run skb

bpf prog test run skb() calls eth type trans() first and then uses skb->protocol to initialize sk family and address fields for the test run.

For IPv4 and IPv6 packets, it may access ip hdr(skb) or ipv6 hdr(skb) even when the provided test input only contains an Ethernet header.

Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short.

Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.