CVE-2026-46273
GSO Disabled for Small MSS in Linux Kernel ibmveth
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
If this vulnerability is triggered, the affected network adapter on Power systems will freeze when sending packets with small MSS values using hardware segmentation offload. This freeze stops all network traffic through the adapter until it is manually reset, causing a denial of network service.
This can lead to network outages, loss of connectivity, and potential disruption of services relying on the network adapter, impacting system availability and reliability.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ibmveth driver used on Power systems. Some physical network adapters do not support segmentation offload when the Maximum Segment Size (MSS) is less than 224 bytes. Attempting to send packets with small MSS values causes the adapter to freeze, stopping all network traffic until it is manually reset.
The issue arises when the hardware tries to perform segmentation offload (GSO) on packets with multiple segments (gso_segs > 1) but with a small MSS. Single-segment packets do not trigger the problem. The fix disables GSO for packets with MSS less than 224 bytes, forcing the network stack to perform segmentation in software instead, preventing the adapter from freezing.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to ensure that Generic Segmentation Offload (GSO) is disabled for packets with a small MSS (less than 224 bytes) on the affected adapters.
This is achieved by implementing or applying the fix that adds an ndo_features_check callback to disable GSO for such packets, forcing the network stack to perform software segmentation instead of hardware offload.
Additionally, calling vlan_features_check() ensures proper handling of VLAN packets, especially in QinQ (802.1ad) configurations.
If the fix is not yet applied, manually resetting the adapter after a freeze is necessary to restore traffic.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for adapter freezes or traffic stoppages on affected Power systems using physical adapters that do not support segmentation offload when the MSS is less than 224 bytes.
One way to detect the issue is to use iptables to force small MSS values and observe if the adapter freezes, indicating the vulnerability is present.
Specifically, testing with iptables commands that set the MSS below 224 bytes can help identify if the hardware triggers the problematic segmentation offload path.