CVE-2026-31685

EUVD-2026-25652

25.04.2026, 09:16

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets

`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address
and compares it with the low 64 bits of the IPv6 source address.

The existing guard only rejects an invalid MAC header when
`par->fragoff != 0`. For packets with `par->fragoff == 0`, `eui64_mt6()`
can still reach `eth_hdr(skb)` even when the MAC header is not valid.

Fix this by removing the `par->fragoff != 0` condition so that packets
with an invalid MAC header are rejected before accessing `eth_hdr(skb)`.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.4 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	2.6.12.1 ≤ 𝑥 < 6.6.136
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.83
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.24
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.14
linux	linux_kernel	2.6.12
linux	linux_kernel	2.6.12:rc2
linux	linux_kernel	2.6.12:rc3
linux	linux_kernel	2.6.12:rc4
linux	linux_kernel	2.6.12:rc5
linux	linux_kernel	7.0:rc1
linux	linux_kernel	7.0:rc2
linux	linux_kernel	7.0:rc3
linux	linux_kernel	7.0:rc4
linux	linux_kernel	7.0:rc5
linux	linux_kernel	7.0:rc6
linux	linux_kernel	7.0:rc7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	7.0.10-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed

dlm-kmp-default

suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed

gfs2-kmp-default

suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed

kernel-64kb

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-default

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-default-base

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1.150700.17.33.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1.150700.17.33.1 fixed
suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1.150400.24.110.2 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1.150500.6.77.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1.150600.12.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1.150700.17.33.1 fixed

kernel-default-man

suse enterprise server 12 SP5

4.12.14-122.310.1

fixed

kernel-docs

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-macros

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-source

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-syms

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.55.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.55.1 fixed

ocfs2-kmp-default

suse enterprise server 12 SP5	4.12.14-122.310.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed

reiserfs-kmp-default

suse enterprise server 15 SP4	5.14.21-150400.24.219.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.166.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.112.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 8

0:4.18.0-553.126.1.el8_10

fixed

kernel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-64k

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-abi-stablelists

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-debug-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-debug-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-devel-matched

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-doc

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-64k

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug-devel

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug-modules

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-debug-modules-extra

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-devel

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-modules

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-64k-modules-extra

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-core

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-debug

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-debug-core

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-debug-devel

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-debug-kvm

RHEL 8

0:4.18.0-553.126.1.rt7.467.el8_10

fixed

kernel-rt-debug-modules

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-debug-modules-extra

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-devel

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-kvm

RHEL 8

0:4.18.0-553.126.1.rt7.467.el8_10

fixed

kernel-rt-modules

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-rt-modules-extra

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-tools

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-tools-libs

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-tools-libs-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-uki-virt

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-uki-virt-addons

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-zfcpdump

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-zfcpdump-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-zfcpdump-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-zfcpdump-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

kernel-zfcpdump-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

libperf

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

perf

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

python3-perf

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.12.1.el9_8 fixed

rtla

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

RHEL 9

0:5.14.0-687.12.1.el9_8

fixed

Amazon Linux Releases

Amazon Package

Release

bpftool6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

bpftool6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel-livepatch-6.12.83-113.160

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.18.25-55.108

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-aarch64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-x86_64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-headers

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra-common

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-aarch64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-x86_64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-headers

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra-common

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

Azure Linux Releases

Azure Package

Release

kernel

Azure Linux 3.0

0:6.6.137.1-1.azl3

fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, welche zu einem Denial-of-Service-Zustand, einer Rechteausweitung, der Ausführung von Code oder einer Speicherbeschädigung führen könnten.
Published: 2026-04-26T22:00:00+00:00

References

https://git.kernel.org/stable/c/288138418bef956f8b295751a4536c60f0e89f4a

https://git.kernel.org/stable/c/309ae3e9a51a69699ca94eac5fac5688fa562d55

https://git.kernel.org/stable/c/4d75bc2cd093bf5803edf512c099bfb220fd6459

https://git.kernel.org/stable/c/7d6a57411caf54df025860c9b1a82cd42d57a562

https://git.kernel.org/stable/c/807d6ee15804df6f01a35c910f09612e858739a6

https://git.kernel.org/stable/c/9eda5478746ef7dc0e4e537b5a5e4b0ca1027091

https://git.kernel.org/stable/c/d5603591373441fecf9951833d6d873e09320f08

https://git.kernel.org/stable/c/fdce0b3590f724540795b874b4c8850c90e6b0a8