CVE-2026-23154
Unknown Unknown - Not Provided
Segmentation Bug in Linux Kernel GSO Forwarding Causes Throughput Loss

Publication date: 2026-02-14

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly process GRO skbs that have been converted by XLAT, since XLAT only translates the header of the head skb. Consequently, skbs in the frag_list may remain untranslated, resulting in protocol inconsistencies and reduced throughput. To address this, the patch explicitly sets the SKB_GSO_DODGY flag for GSO packets in XLAT's IPv4/IPv6 protocol translation helpers (bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO packets as potentially modified after protocol translation. As a result, GSO segmentation will avoid using skb_segment_list and instead falls back to skb_segment for packets with the SKB_GSO_DODGY flag. This ensures that only safe and fully translated frag_list packets are processed by skb_segment_list, resolving protocol inconsistencies and improving throughput when forwarding GRO packets converted by XLAT.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23154
EUVD
EUVD-2026-5883
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.9 (exc)
linux linux_kernel From 5.6 (inc) to 6.12.69 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability is a bug in the Linux kernel's network code related to the segmentation of forwarding fraglist GRO (Generic Receive Offload) packets. Specifically, the function responsible for segmenting GRO packets containing a frag_list does not correctly handle packets that have undergone protocol translation (XLAT) between IPv4 and IPv6. XLAT only translates the header of the main skb (socket buffer), leaving the skbs in the frag_list untranslated, which causes protocol inconsistencies and reduces network throughput.

The fix involves setting a flag (SKB_GSO_DODGY) on GSO (Generic Segmentation Offload) packets that have been modified by protocol translation. This flag causes the segmentation code to avoid using the problematic skb_segment_list function and instead use a safer fallback method, ensuring that only fully translated packets are processed correctly. This resolves the protocol inconsistencies and improves throughput when forwarding GRO packets converted by XLAT.

Impact Analysis

This vulnerability can lead to reduced network throughput when a device forwards IPv4 packets through an IPv6-only upstream interface via hotspots or similar setups. The improper handling of fragmented GRO packets after protocol translation can cause protocol inconsistencies, which may degrade network performance and efficiency.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23154. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart