CVE-2026-23154

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's handling of GSO segment processing when forwarding GRO packets containing a frag list. The issue arises because the skb segment list function incorrectly processes GRO skbs converted by XLAT, as XLAT only translates the header of the initial skb, leaving subsequent skbs in the frag list untranslated. This leads to protocol inconsistencies and reduced throughput. The patch resolves this by setting the SKB GSO DODGY flag for GSO packets in XLAT's IPv4/IPv6 protocol translation helpers (bpf skb proto 4 to 6 and bpf skb proto 6 to 4). This ensures that skb segment list is bypassed for packets with the SKB GSO DODGY flag, utilizing skb segment instead, which only processes fully translated frag list packets. This correction addresses protocol inconsistencies and improves throughput when forwarding GRO packets converted by XLAT.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.