HOMEVULNERABILITIESCVE-2026-53014
NONE

CVE-2026-53014

Published: June 24, 2026· Updated: Jun 24, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

In tcf_blockcast_redir(), when iterating block ports to redirect

packets to multiple devices, the mac_header_xmit flag is queried

from the wrong device. The loop sends to dev_prev but queries

dev_is_mac_header_xmit(dev) — which is the NEXT device in the

iteration, not the one being sent to.

This causes tcf_mirred_to_dev() to make incorrect decisions about

whether to push or pull the MAC header. When the block contains

mixed device types (e.g., an ethernet veth and a tunnel device),

intermediate devices get the wrong mac_header_xmit flag, leading to

skb header corruption. In the worst case, skb_push_rcsum with an

incorrect mac_len can exhaust headroom and panic.

The last device in the loop is handled correctly (line 365-366 uses

dev_is_mac_header_xmit(dev_prev)), confirming this is a copy-paste

oversight for the intermediate devices.

Fix by using dev_prev instead of dev for the mac_header_xmit query,

consistent with the device actually being sent to.

NVD Source

Technical Analysis

CVE-2026-53014 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-53014
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJun 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53014 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.