CVE-2026-46273
Analyzed Analyzed - Analysis Complete
GSO Disabled for Small MSS in Linux Kernel ibmveth

Publication date: 2026-06-03

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stopping all traffic until manually reset. Implement ndo_features_check to disable GSO for packets with small MSS values. The network stack will perform software segmentation instead. The 224-byte minimum matches ibmvnic commit <f10b09ef687f> ("ibmvnic: Enforce stronger sanity checks on GSO packets") which uses the same physical adapters in SEA configurations. The issue occurs specifically when the hardware attempts to perform segmentation (gso_segs > 1) with a small MSS. Single-segment GSO packets (gso_segs == 1) do not trigger the problematic LSO code path and are transmitted normally without segmentation. Add an ndo_features_check callback to disable GSO when MSS < 224 bytes. Also call vlan_features_check() to ensure proper handling of VLAN packets, particularly QinQ (802.1ad) configurations where the hardware parser may not support certain offload features. Validated using iptables to force small MSS values. Without the fix, the adapter freezes. With the fix, packets are segmented in software and transmission succeeds. Comprehensive regression testing completedd (MSS tests, performance, stability).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-09
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-46273
EUVD
EUVD-2026-34138
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel From 6.13 (inc) to 6.18.30 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.88 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 4.2 (inc) to 5.10.258 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's ibmveth driver used on Power systems. Some physical network adapters do not support segmentation offload when the Maximum Segment Size (MSS) is less than 224 bytes. Attempting to send packets with small MSS values causes the adapter to freeze, stopping all network traffic until it is manually reset.

The issue arises when the hardware tries to perform segmentation offload (GSO) on packets with multiple segments (gso_segs > 1) but with a small MSS. Single-segment packets do not trigger the problem. The fix disables GSO for packets with MSS less than 224 bytes, forcing the network stack to perform segmentation in software instead, preventing the adapter from freezing.

Impact Analysis

If this vulnerability is triggered, the affected network adapter on Power systems will freeze when sending packets with small MSS values using hardware segmentation offload. This freeze stops all network traffic through the adapter until it is manually reset, causing a denial of network service.

This can lead to network outages, loss of connectivity, and potential disruption of services relying on the network adapter, impacting system availability and reliability.

Detection Guidance

This vulnerability can be detected by monitoring for adapter freezes or traffic stoppages on affected Power systems using physical adapters that do not support segmentation offload when the MSS is less than 224 bytes.

One way to detect the issue is to use iptables to force small MSS values and observe if the adapter freezes, indicating the vulnerability is present.

Specifically, testing with iptables commands that set the MSS below 224 bytes can help identify if the hardware triggers the problematic segmentation offload path.

Mitigation Strategies

The immediate mitigation is to ensure that Generic Segmentation Offload (GSO) is disabled for packets with a small MSS (less than 224 bytes) on the affected adapters.

This is achieved by implementing or applying the fix that adds an ndo_features_check callback to disable GSO for such packets, forcing the network stack to perform software segmentation instead of hardware offload.

Additionally, calling vlan_features_check() ensures proper handling of VLAN packets, especially in QinQ (802.1ad) configurations.

If the fix is not yet applied, manually resetting the adapter after a freeze is necessary to restore traffic.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart