CVE-2026-23154
📋 TL;DR
This vulnerability in the Linux kernel causes protocol inconsistencies and reduced network throughput when forwarding GRO packets through IPv4/IPv6 translation (XLAT). It affects systems using IPv4/IPv6 protocol translation with Generic Receive Offload (GRO) enabled, particularly in hotspot or gateway scenarios.
💻 Affected Systems
- Linux kernel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Network performance degradation leading to service disruption, packet loss, and potential denial of service in high-traffic environments.
Likely Case
Reduced network throughput and inefficient packet processing in IPv4/IPv6 translation scenarios, impacting network performance.
If Mitigated
Minimal impact with proper kernel patching or workarounds; normal network operations maintained.
🎯 Exploit Status
This is a performance/functionality bug rather than a traditional security vulnerability. Exploitation would require specific network configuration and traffic patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 3d48d59235c494d34e32052f768393111c0806ef, 3e62db1e3140449608975e29e0979cc5f3b1cc07, or 426ca15c7f6cb6562a081341ca88893a50c59fa2
Vendor Advisory: https://git.kernel.org/stable/c/3d48d59235c494d34e32052f768393111c0806ef
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable GRO on affected interfaces
linux: Disable Generic Receive Offload to prevent the vulnerable code path
ethtool -K <interface> gro off
Avoid IPv4/IPv6 protocol translation
all: Configure network to avoid using bpf_skb_proto_4_to_6 or bpf_skb_proto_6_to_4 helpers
🧯 If You Can't Patch
- Implement workarounds to disable GRO on affected interfaces
- Monitor network performance and throughput metrics for degradation
🔍 How to Verify
Check if Vulnerable:
Check if system uses IPv4/IPv6 translation with GRO enabled and experiences throughput issues in specific network scenarios
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and test network throughput in IPv4/IPv6 translation scenarios
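For the GRO half of the "Check if Vulnerable" step, the following added example (not from this CVE entry or the kernel project) lists interfaces where Generic Receive Offload is currently on by parsing `ethtool -k` output. The `SYSFS_NET` and `ETHTOOL` override variables and the sample output are constructed for illustration; whether IPv4/IPv6 translation is in use on those interfaces still has to be determined separately.

```shell
#!/bin/sh
# Added example: find interfaces with GRO enabled (candidates for the
# "ethtool -K <interface> gro off" workaround on translating gateways).

# Constructed sample of `ethtool -k eth0` output, used for the offline demo.
SAMPLE_ETHTOOL_K='Features for eth0:
rx-checksumming: on
generic-segmentation-offload: on
generic-receive-offload: on
rx-gro-hw: off [fixed]
rx-gro-list: off'

# gro_state: read `ethtool -k` output on stdin, print on, off or unknown.
# The match is anchored on the full feature name so that related features
# such as rx-gro-hw and rx-gro-list are not mistaken for GRO itself.
gro_state() {
    awk -F': *' '
        $1 ~ /^[ \t]*generic-receive-offload$/ {
            split($2, a, " ")      # drops a trailing "[fixed]" marker
            print a[1]; found = 1; exit
        }
        END { if (!found) print "unknown" }
    '
}

# gro_enabled_ifaces: print every non-loopback interface whose GRO is on.
# SYSFS_NET and ETHTOOL are hypothetical overrides for testing; by default
# the function walks /sys/class/net and calls the real ethtool.
gro_enabled_ifaces() {
    for path in "${SYSFS_NET:-/sys/class/net}"/*; do
        [ -e "$path" ] || continue
        iface=${path##*/}
        [ "$iface" = lo ] && continue
        state=$("${ETHTOOL:-ethtool}" -k "$iface" 2>/dev/null | gro_state)
        [ "$state" = on ] && echo "$iface"
    done
    return 0
}

# Offline demo on the constructed sample, then the live system.
printf 'sample eth0: GRO is %s\n' \
    "$(printf '%s\n' "$SAMPLE_ETHTOOL_K" | gro_state)"
gro_enabled_ifaces | while read -r iface; do
    echo "GRO on: $iface"
done
```

Run it before and after applying the workaround; an interface that still appears in the output has not had GRO disabled.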
📡 Detection & Monitoring
Log Indicators:
- Network performance degradation logs
- Packet processing errors in kernel logs
Network Indicators:
- Reduced throughput in IPv4/IPv6 translation scenarios
- Increased packet retransmissions
SIEM Query:
Search for network performance alerts or kernel errors related to GSO segmentation