CVE-2026-53091

In the Linux kernel, the following vulnerability has been resolved:

net: pull headers in qdisc pkt len segs init()

Most ndo start xmit() methods expects headers of gso packets to be already in skb->head.

net/core/tso.c users are particularly at risk, because tso build hdr() does a memcpy(hdr, skb->data, hdr len);

qdisc pkt len segs init() already does a dissection of gso packets.

Use pskb may pull() instead of skb header pointer() to make sure drivers do not have to reimplement this.

Some malicious packets could be fed, detect them so that we can drop them sooner with a new SKB DROP REASON SKB BAD GSO drop reason.