CVE-2026-53236
Received Received - Intake
TCP Socket SO_ATTACH_FILTER Privilege Escalation Fix

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53236
EUVD
EUVD-2026-39327
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the SO_ATTACH_FILTER option on TCP sockets. Previously, unprivileged users could attach a filter using cBPF (classic Berkeley Packet Filter) to TCP sockets.

This allowed a potential side-channel attack where an unprivileged application could leak TCP sequence and acknowledgment numbers by attaching such a filter.

The vulnerability was fixed by restricting the use of SO_ATTACH_FILTER on TCP sockets to only users with the CAP_NET_ADMIN capability, which is a privileged capability.

Impact Analysis

If exploited, this vulnerability could allow an unprivileged user or application to perform a side-channel attack to leak TCP sequence and acknowledgment numbers.

Leaking these numbers could potentially allow attackers to interfere with or hijack TCP connections, leading to unauthorized data access or manipulation.

Mitigation Strategies

The vulnerability is mitigated by restricting the use of SO_ATTACH_FILTER on TCP sockets to users with the CAP_NET_ADMIN capability.

To mitigate this vulnerability, ensure that only privileged users with CAP_NET_ADMIN capability can attach filters to TCP sockets.

Applying the patch or updating the Linux kernel to a version that includes this fix will prevent unprivileged applications from attaching filters that could leak TCP sequence or acknowledgment numbers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53236. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart