CVE-2026-53003
pppoe: drop PFC frames
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
24 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
pppoe: drop PFC frames
RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT
RECOMMENDED for PPPoE. In practice, pppd does not support negotiating
PFC for PPPoE sessions, and the current PPPoE driver assumes an
uncompressed (2-byte) protocol field. However, the generic PPP layer
function ppp_input() is not aware of the negotiation result, and still
accepts PFC frames.
If a peer with a broken implementation or an attacker sends a frame with
a compressed (1-byte) protocol field, the subsequent PPP payload is
shifted by one byte. This causes the network header to be 4-byte
misaligned, which may trigger unaligned access exceptions on some
architectures.
To reduce the attack surface, drop PPPoE PFC frames. Introduce
ppp_skb_is_compressed_proto() helper function to be used in both
ppp_generic.c and pppoe.c to avoid open-coding.
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4fhttps://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1ehttps://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3