NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-53003

概要	In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an uncompressed (2-byte) protocol field. However, the generic PPP layer function ppp_input() is not aware of the negotiation result, and still accepts PFC frames. If a peer with a broken implementation or an attacker sends a frame with a compressed (1-byte) protocol field, the subsequent PPP payload is shifted by one byte. This causes the network header to be 4-byte misaligned, which may trigger unaligned access exceptions on some architectures. To reduce the attack surface, drop PPPoE PFC frames. Introduce ppp_skb_is_compressed_proto() helper function to be used in both ppp_generic.c and pppoe.c to avoid open-coding.
公表日	2026年6月25日2:17
登録日	2026年6月27日4:20
最終更新日	2026年6月25日2:17

関連情報、対策とツール

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4f	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1e	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3	416baaa9-dc9f-4396-8d5f-8c081fb06d67

共通脆弱性一覧