CVE-2026-22988 arp: do not assume dev_hard_header() does not change skb->head

🗓️ 23 Jan 2026 15:24:09Reported by LinuxType

CVE-2026-22988: arp fixes the assumption that dev_hard_header() changes skb head; arp pointer is initialized after the call.

Reporter	Title	Published	Views	Family All 51
ATTACKERKB	CVE-2026-22988	23 Jan 202615:24	–	attackerkb
AstraLinux	Astra Linux - уязвимость в linux-5.10, linux-6.1	20 May 202605:53	–	astralinux
Circl	CVE-2026-22988	23 Jan 202617:05	–	circl
CNNVD	Linux Kernel Security Vulnerabilities	23 Jan 202600:00	–	cnnvd
CVE	CVE-2026-22988	23 Jan 202615:24	–	cve
Debian CVE	CVE-2026-22988	23 Jan 202615:24	–	debiancve
Oracle linux	Unbreakable Enterprise kernel security update	10 Mar 202600:00	–	oraclelinux
Oracle linux	Unbreakable Enterprise kernel security update	10 Mar 202600:00	–	oraclelinux
EUVD	EUVD-2026-4299	23 Jan 202615:24	–	euvd
Mageia	Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities	15 Apr 202616:42	–	mageia

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv4/arp.c"
    ],
    "versions": [
      {
        "version": "17e7386234f740f3e7d5e58a47b5847ea34c3bc2",
        "lessThan": "e432dbff342b95fe44645f9a90fcf333c80f4b5e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "41a1a3140aff295dee8063906f70a514548105e8",
        "lessThan": "393525dee5c39acff8d6705275d7fcaabcfb7f0a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "adee129db814474f2f81207bd182bf343832a52e",
        "lessThan": "70bddc16491ef4681f3569b3a2c80309a3edcdd1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1717357007db150c2d703f13f5695460e960f26c",
        "lessThan": "029935507d0af6553c45380fbf6feecf756fd226",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5fe210533e3459197eabfdbf97327dacbdc04d60",
        "lessThan": "dd6ccec088adff4bdf33e2b2dd102df20a7128fa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "91a2b25be07ce1a7549ceebbe82017551d2eec92",
        "lessThan": "949647e7771a4a01963fe953a96d81fba7acecf3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "db5b4e39c4e63700c68a7e65fc4e1f1375273476",
        "lessThan": "c92510f5e3f82ba11c95991824a41e59a9c5ed81",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv4/arp.c"
    ],
    "versions": [
      {
        "version": "6.1.160",
        "lessThan": "6.1.161",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.6.120",
        "lessThan": "6.6.121",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.12.64",
        "lessThan": "6.12.66",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.18.4",
        "lessThan": "6.18.6",
        "status": "affected",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/e432dbff342b95fe44645f9a90fcf333c80f4b5e
git	www.git.kernel.org/stable/c/c92510f5e3f82ba11c95991824a41e59a9c5ed81
git	www.git.kernel.org/stable/c/70bddc16491ef4681f3569b3a2c80309a3edcdd1
git	www.git.kernel.org/stable/c/949647e7771a4a01963fe953a96d81fba7acecf3
git	www.git.kernel.org/stable/c/dd6ccec088adff4bdf33e2b2dd102df20a7128fa
git	www.git.kernel.org/stable/c/393525dee5c39acff8d6705275d7fcaabcfb7f0a
git	www.git.kernel.org/stable/c/029935507d0af6553c45380fbf6feecf756fd226

11 May 2026 21:57Current

CVSS 3.17.8

EPSS0.00123