CVE-2026-53003
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability was found in the Linux kernel's PPPoE driver that drops frames with Protocol Field Compression (PFC). An attacker can send a crafted frame with a 1-byte protocol field, shifting the payload by one byte and potentially causing unaligned access exceptions on some architectures.
Risk Assessment
The risk involves potential system crashes (kernel panic) or network misbehavior by sending specially crafted PPPoE frames with PFC compression.
Recommendation
Immediately update the Linux kernel to a version containing the fix that drops PFC frames in PPPoE. Monitor official security advisories from your Linux distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an uncompressed (2-byte) protocol field. However, the generic PPP layer function ppp_input() is not aware of the negotiation result, and still accepts PFC frames. If a peer with a broken implementation or an attacker sends a frame with a compressed (1-byte) protocol field, the subsequent PPP payload is shifted by one byte. This causes the network header to be 4-byte misaligned, which may trigger unaligned access exceptions on some architectures. To reduce the attack surface, drop PPPoE PFC frames. Introduce ppp_skb_is_compressed_proto() helper function to be used in both ppp_generic.c and pppoe.c to avoid open-coding.

