2 matches found
kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
CVE-2026-31685
The connected Red Hat/SUSE/NVD entries confirm CVE-2026-31685 affects the Linux kernel netfilter component ip6t_eui64. The root cause is that eui64_mt6() derives a modified EUI-64 from the Ethernet source and compares it with the IPv6 low 64 bits, but the existing guard only rejects an invalid MA...