{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53221", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.392Z", "datePublished": "2026-06-25T08:39:23.177Z", "dateUpdated": "2026-06-28T06:40:33.070Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-28T06:40:33.070Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()\n\nIn vti6_tnl_lookup(), when an exact match for a tunnel fails,\nthe code falls back to searching for wildcard tunnels:\n\n- Tunnels matching the packet's local address, with any remote address\n wildcard remote).\n\n- Tunnels matching the packet's remote address, with any local address\n (wildcard local).\n\nHowever, vti6 stores all these different types of tunnels in the same\nhash table (ip6n->tnls_r_l) prone to hash collisions.\n\nThe bug is that the fallback search loops in vti6_tnl_lookup() were\nmissing checks to ensure that the candidate tunnel actually has\na wildcard address."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ip6_vti.c"], "versions": [{"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "c327fa4fca31415431202e063767a7ae342e19c6", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "fc657ac0767c49839b3ef0b08dc0953ca30883f8", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "47fb3c2b4203556308e64354b3e78f2ce221d646", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "f513f308cc4bdb4530d033431592ffbc29b7fca1", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "90fd4513315ca07da99cfd8549d3e553a7160f0d", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "2abfb19bbb81958714ad1d43ebeb65b30394184b", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "2fc7bc087cc7085368263d9d37bfe9a0bddd6a2d", "status": "affected", "versionType": "git"}, {"version": "fbe68ee87522f6eaa10f9076c0a7117e1613f2f7", "lessThan": "a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ip6_vti.c"], "versions": [{"version": "3.19", "status": "affected"}, {"version": "0", "lessThan": "3.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.259", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.210", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "5.10.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "5.15.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c327fa4fca31415431202e063767a7ae342e19c6"}, {"url": "https://git.kernel.org/stable/c/fc657ac0767c49839b3ef0b08dc0953ca30883f8"}, {"url": "https://git.kernel.org/stable/c/47fb3c2b4203556308e64354b3e78f2ce221d646"}, {"url": "https://git.kernel.org/stable/c/f513f308cc4bdb4530d033431592ffbc29b7fca1"}, {"url": "https://git.kernel.org/stable/c/90fd4513315ca07da99cfd8549d3e553a7160f0d"}, {"url": "https://git.kernel.org/stable/c/2abfb19bbb81958714ad1d43ebeb65b30394184b"}, {"url": "https://git.kernel.org/stable/c/2fc7bc087cc7085368263d9d37bfe9a0bddd6a2d"}, {"url": "https://git.kernel.org/stable/c/a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9"}], "title": "ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()", "id": "2492751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492751"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1289", "details": ["A flaw was found in the Linux kernel, specifically within the `ip6_vti` component responsible for managing IPv6 tunnels. This vulnerability arises from an error in the `vti6_tnl_lookup()` function, which incorrectly matches network tunnels by failing to properly verify wildcard addresses during fallback searches. This can lead to network traffic being misdirected or dropped, potentially disrupting network services. The underlying cause is a lack of checks to confirm that a candidate tunnel indeed has a wildcard address."], "name": "CVE-2026-53221", "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53221\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53221\nhttps://lore.kernel.org/linux-cve-announce/2026062506-CVE-2026-53221-a644@gregkh/T"], "threat_severity": "Moderate"}