CVE-2026-53249
Analyzed Analyzed - Analysis Complete

Linux Kernel IPv4 LSRR/SSRR Option Privilege Restriction

Vulnerability report for CVE-2026-53249, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-07

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. This prevents unprivileged applications from forcing packets to route through attacker-controlled nodes to leak TCP ISN and possibly other protocol information. While LSRR and SSRR are commonly filtered in many network environments, they may still be supported and forwarded along some network paths. RFC 7126 (Recommendations on Filtering of IPv4 Packets Containing IPv4 Options) recommend to drop these options in 4.3 and 4.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-07
Generated
2026-07-15
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 18 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.210 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 2.6.12.1 (inc) to 5.10.259 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves the use of IPv4 Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options by unprivileged users. Detection can focus on identifying packets with these IP options on your network or system.

Since LSRR and SSRR options are often filtered but may still be forwarded in some environments, monitoring network traffic for these options can help detect potential exploitation attempts.

You can use packet capture tools like tcpdump or Wireshark to detect packets containing LSRR or SSRR options.

  • Using tcpdump to capture packets with LSRR or SSRR options: tcpdump -vvv 'ip[20] & 0x83 != 0'
  • Using Wireshark, apply a display filter for IPv4 options: ip.options && (ip.options == 131 || ip.options == 137)

Additionally, checking system capabilities to ensure that only privileged users have CAP_NET_RAW capability can help mitigate the vulnerability.

Executive Summary

This vulnerability in the Linux kernel involves the IPv4 options Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR). Previously, unprivileged users could set these IP options, which allow packets to be routed through specific nodes.

The vulnerability is that unprivileged applications could exploit this to force packets to route through attacker-controlled nodes, potentially leaking TCP Initial Sequence Numbers (ISN) and other protocol information.

The patch restricts setting these options only to users with the CAP_NET_RAW capability, preventing unprivileged users from abusing these options.

Impact Analysis

If exploited, this vulnerability could allow an attacker to force network packets to pass through nodes they control, which can lead to leakage of sensitive TCP protocol information such as Initial Sequence Numbers.

This information leakage could be used to facilitate further attacks on network communications, potentially compromising confidentiality and integrity of data.

Mitigation Strategies

To mitigate this vulnerability, ensure that only users with the CAP_NET_RAW capability can set the Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options.

Additionally, consider filtering or dropping IPv4 packets containing LSRR and SSRR options in your network, as recommended by RFC 7126.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53249. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart