PT-2026-52316 · Linux · Linux

Published

2026-06-25

Updated

2026-06-25

CVE-2026-53221

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

ip6 vti: fix incorrect tunnel matching in vti6 tnl lookup()

In vti6 tnl lookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels:

Tunnels matching the packet's local address, with any remote address wildcard remote).
Tunnels matching the packet's remote address, with any local address (wildcard local).

However, vti6 stores all these different types of tunnels in the same hash table (ip6n->tnls r l) prone to hash collisions.

The bug is that the fallback search loops in vti6 tnl lookup() were missing checks to ensure that the candidate tunnel actually has a wildcard address.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-53221

Affected Products

Linux

PT-2026-52316 · Linux · Linux

CVE-2026-53221

Related Identifiers

Affected Products

References · 9