CVE-2026-22988 PUBLISHED

arp: do not assume dev_hard_header() does not change skb->head

Assigner: Linux
Reserved: 13.01.2026 Published: 23.01.2026 Updated: 23.01.2026

In the Linux kernel, the following vulnerability has been resolved:

arp: do not assume dev_hard_header() does not change skb->head

arp_create() is the only dev_hard_header() caller making an assumption about skb->head being unchanged.

A recent commit broke this assumption.

Initialize @arp pointer after dev_hard_header() call.
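The ordering problem described above, as an added user-space illustration (not kernel code and not the upstream patch): `struct pkt`, `push_header()` and `build_packet()` are hypothetical stand-ins for an skb, `dev_hard_header()` and `arp_create()`. Offsets relative to `head` survive a reallocation; a pointer computed before the call does not.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an skb: all offsets are relative to head. */
struct pkt { unsigned char *head; size_t cap, data, tail, nh; };

/* Stand-in for dev_hard_header(): prepends hlen bytes and, when headroom
 * is short, moves the packet to a new allocation, so head changes. */
static int push_header(struct pkt *p, size_t hlen)
{
    if (p->data < hlen) {
        size_t extra = hlen - p->data;
        unsigned char *nhead = malloc(p->cap + extra);
        if (!nhead) return -1;
        memcpy(nhead + extra, p->head, p->cap);
        free(p->head);                    /* pointers into the old head are stale */
        p->head = nhead;
        p->cap += extra; p->data += extra; p->tail += extra; p->nh += extra;
    }
    p->data -= hlen;
    memset(p->head + p->data, 0xEE, hlen);
    return 0;
}

/* Returns 1 if a payload pointer taken before push_header() no longer equals
 * head + nh afterwards, 0 if it does, -1 on allocation failure. */
int build_packet(size_t headroom, size_t hlen, unsigned char *first)
{
    struct pkt p = { calloc(1, headroom + 4), headroom + 4, headroom, headroom, headroom };
    if (!p.head) return -1;
    p.tail += 4;                                   /* reserve a 4-byte payload */
    uintptr_t early = (uintptr_t)(p.head + p.nh);  /* ordering the fix removes */
    if (push_header(&p, hlen) < 0) { free(p.head); return -1; }
    unsigned char *late = p.head + p.nh;           /* derive the pointer after the call */
    memset(late, 0xA5, 4);                         /* payload written via the valid pointer */
    *first = p.head[p.data + hlen];                /* first byte following the link header */
    int stale = early != (uintptr_t)late;
    free(p.head);
    return stale;
}

int main(void)
{
    unsigned char b;
    printf("enough headroom: stale=%d\n", build_packet(16, 14, &b));
    printf("no headroom:     stale=%d\n", build_packet(0, 14, &b));
    return 0;
}
```

The early pointer is only compared as an integer, never dereferenced, so the program stays well-defined while still showing when the cached address stops being valid.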

Product Status

Vendor: Linux
Product: Linux
Versions (default: unaffected):
  • affected from 17e7386234f740f3e7d5e58a47b5847ea34c3bc2 to e432dbff342b95fe44645f9a90fcf333c80f4b5e (excl.)
  • affected from 41a1a3140aff295dee8063906f70a514548105e8 to 393525dee5c39acff8d6705275d7fcaabcfb7f0a (excl.)
  • affected from adee129db814474f2f81207bd182bf343832a52e to 70bddc16491ef4681f3569b3a2c80309a3edcdd1 (excl.)
  • affected from 1717357007db150c2d703f13f5695460e960f26c to 029935507d0af6553c45380fbf6feecf756fd226 (excl.)
  • affected from 5fe210533e3459197eabfdbf97327dacbdc04d60 to dd6ccec088adff4bdf33e2b2dd102df20a7128fa (excl.)
  • affected from 91a2b25be07ce1a7549ceebbe82017551d2eec92 to 949647e7771a4a01963fe953a96d81fba7acecf3 (excl.)
  • affected from db5b4e39c4e63700c68a7e65fc4e1f1375273476 to c92510f5e3f82ba11c95991824a41e59a9c5ed81 (excl.)

Vendor: Linux
Product: Linux
Versions (default: affected):
  • Version 6.19-rc4 is affected
  • unaffected from 0 to 6.19-rc4 (excl.)
  • unaffected from 6.1.161 to 6.1.* (incl.)
  • unaffected from 6.6.121 to 6.6.* (incl.)
  • unaffected from 6.12.66 to 6.12.* (incl.)
  • unaffected from 6.18.6 to 6.18.* (incl.)
  • unaffected from 6.19-rc5 to * (incl.)

References