CVE-2026-53236
Analyzed Analyzed - Analysis Complete

TCP Socket SO_ATTACH_FILTER Privilege Escalation Fix

Vulnerability report for CVE-2026-53236, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-08
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 17 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 2.6.12.1 (inc) to 6.1.176 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the SO_ATTACH_FILTER option on TCP sockets. Previously, unprivileged users could attach a filter using cBPF (classic Berkeley Packet Filter) to TCP sockets.

This allowed a potential side-channel attack where an unprivileged application could leak TCP sequence and acknowledgment numbers by attaching such a filter.

The vulnerability was fixed by restricting the use of SO_ATTACH_FILTER on TCP sockets to only users with the CAP_NET_ADMIN capability, which is a privileged capability.

Impact Analysis

If exploited, this vulnerability could allow an unprivileged user or application to perform a side-channel attack to leak TCP sequence and acknowledgment numbers.

Leaking these numbers could potentially allow attackers to interfere with or hijack TCP connections, leading to unauthorized data access or manipulation.

Mitigation Strategies

The vulnerability is mitigated by restricting the use of SO_ATTACH_FILTER on TCP sockets to users with the CAP_NET_ADMIN capability.

To mitigate this vulnerability, ensure that only privileged users with CAP_NET_ADMIN capability can attach filters to TCP sockets.

Applying the patch or updating the Linux kernel to a version that includes this fix will prevent unprivileged applications from attaching filters that could leak TCP sequence or acknowledgment numbers.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53236. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart