Linux Kernel ARP Header Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ARP handling has been addressed. The issue arose because the function 'dev_hard_header()' can modify the 'skb->head' pointer, contrary to the assumption made by 'arp_create()'. This vulnerability affects the Linux kernel stable tree.
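
The stale-pointer pattern described above, as an added user-space example (not kernel code and not the upstream patch). 'struct buf', 'push_header()' and the sizes 28, 14 and 16 are hypothetical stand-ins constructed for illustration; deriving the payload pointer after the header call is one way to avoid the problem, not necessarily the fix the kernel applied.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy user-space stand-in for an sk_buff (hypothetical, not the kernel struct). */
struct buf { unsigned char *head, *data; size_t headroom, len; };

static struct buf *buf_new(size_t headroom, size_t len) {
    struct buf *b = malloc(sizeof(*b));
    if (!b || !(b->head = calloc(1, headroom + len))) abort();
    b->data = b->head + headroom;
    b->headroom = headroom; b->len = len;
    return b;
}

/* Hypothetical header builder: prepends hlen bytes and, as the page says of
 * dev_hard_header(), may replace b->head (here: when headroom is too small). */
static void push_header(struct buf *b, size_t hlen) {
    if (b->headroom < hlen) {
        size_t room = hlen + 16;
        unsigned char *nh = calloc(1, room + b->len);
        if (!nh) abort();
        memcpy(nh + room, b->data, b->len);
        free(b->head);               /* pointers into the old storage are now stale */
        b->head = nh; b->data = nh + room; b->headroom = room;
    }
    b->data -= hlen; b->headroom -= hlen; b->len += hlen;
    memset(b->data, 0xEE, hlen);     /* constructed header bytes */
}

/* Returns 1 if a payload address saved BEFORE push_header() still matches the payload. */
static int cached_pointer_still_valid(size_t headroom, size_t hlen) {
    struct buf *b = buf_new(headroom, 28);   /* 28 = constructed payload size */
    uintptr_t cached = (uintptr_t)b->data;   /* address taken too early */
    push_header(b, hlen);
    int ok = cached == (uintptr_t)(b->data + hlen);
    free(b->head); free(b);
    return ok;
}

/* Safer ordering: derive the payload pointer only after the header is built. */
static int fill_after_header(size_t headroom, size_t hlen, unsigned char val) {
    struct buf *b = buf_new(headroom, 28);
    push_header(b, hlen);
    unsigned char *payload = b->data + hlen; /* re-derived from current state */
    memset(payload, val, 28);
    int ok = b->data[0] == 0xEE && payload[0] == val && payload[27] == val;
    free(b->head); free(b);
    return ok;
}

int main(void) { return !(!cached_pointer_still_valid(0, 14) && fill_after_header(0, 14, 0x41)); }
```

With enough headroom the early address happens to stay valid, which is why code written this way can pass testing until a header builder reallocates.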

Impact

The vulnerability could lead to improper handling of ARP packets, potentially causing network communication issues or allowing for ARP spoofing attacks.

Reproduction

The vulnerability can be reproduced by calling the 'arp_create()' function with a device that has a modified 'dev_hard_header()' implementation. Doing so exercises the assumption that 'skb->head' remains unchanged, which is no longer valid.

Remediation

Users can update to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.

Added: Jan 23, 2026, 4:30 PM
Updated: Jan 23, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 5.3
remediation: 7.7
relevance: 2.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.