PatchSiren cyber security CVE debrief

CVE-2026-45850 Linux CVE debrief

A vulnerability in the Linux kernel's IP Virtual Server (IPVS) subsystem causes protocol checksum validation to fail for IPv6 packets when extension headers are present before the protocol header. The issue stems from incorrect offset calculation during checksum verification. The fix utilizes the existing iph->len field, which already contains the correct offset, to properly skip IPv6 extension headers. This is a logic error in packet processing that could affect network traffic handling in IPVS deployments using IPv6.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux kernel-based load balancers using IPVS with IPv6 traffic; network infrastructure teams managing IPv6-enabled services; kernel maintainers and distribution vendors packaging stable kernel updates

Technical summary

The IPVS (IP Virtual Server) subsystem in the Linux kernel fails to properly validate protocol checksums for IPv6 packets containing extension headers. The root cause is incorrect offset calculation when locating the protocol header for checksum verification. The vulnerability is resolved by using iph->len, which already accounts for extension header offsets, to correctly position the checksum calculation. This affects IPv6 traffic processing in load balancing scenarios using IPVS.
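The offset problem described above, as an added user-space illustration (not the kernel's code or the patch): it walks the IPv6 extension-header chain to find where the protocol header really starts, which is the value the page says iph->len already holds. The function name transport_offset, the sample packet and the comparison against the fixed 40-byte header size are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_FIXED_HDR_LEN 40 /* fixed IPv6 header size (RFC 8200) */

/* Constructed sample: IPv6 header, 8-byte Hop-by-Hop header, 20-byte TCP header. */
static const uint8_t sample_pkt[68] = {
    [0] = 0x60,            /* version 6 */
    [5] = 28, [6] = 0,     /* payload length 8 + 20; Next Header 0 = Hop-by-Hop */
    [40] = 6, [41] = 0,    /* ext header: Next Header TCP, Hdr Ext Len 0 (8 bytes) */
    [42] = 1, [43] = 4,    /* PadN option filling the remaining 6 bytes */
};

/* Hop-by-Hop (0), Routing (43) and Destination Options (60) share one layout:
 * byte 0 = Next Header, byte 1 = length in 8-byte units beyond the first 8. */
static int is_ext_hdr(uint8_t nh) { return nh == 0 || nh == 43 || nh == 60; }

/* Walk the extension-header chain; return the upper-layer header offset and
 * its protocol number, or -1 if the packet is truncated. Fragment, AH and ESP
 * are not walked here and come back as the protocol at the point reached. */
int transport_offset(const uint8_t *pkt, size_t len, uint8_t *proto)
{
    size_t off = IPV6_FIXED_HDR_LEN;
    uint8_t nh;
    if (len < IPV6_FIXED_HDR_LEN)
        return -1;
    nh = pkt[6];                        /* Next Header of the fixed header */
    while (is_ext_hdr(nh)) {
        if (off + 8 > len)              /* need the first 8 bytes of the header */
            return -1;
        size_t ext_len = ((size_t)pkt[off + 1] + 1) * 8;
        if (off + ext_len > len)
            return -1;
        nh = pkt[off];
        off += ext_len;
    }
    *proto = nh;
    return (int)off;
}

int main(void)
{
    uint8_t proto = 0;
    int off = transport_offset(sample_pkt, sizeof(sample_pkt), &proto);
    printf("fixed-size guess: %d, walked offset: %d, proto: %u\n", IPV6_FIXED_HDR_LEN, off, proto);
    return 0;
}
```

A checksum computed from byte 40 of this packet would cover the Hop-by-Hop header rather than the TCP header at byte 48, which is the kind of mismatch a test environment should exercise when verifying a patched kernel.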

Defensive priority

medium

Recommended defensive actions

  • Review Linux kernel version and apply stable tree patches for IPVS IPv6 checksum handling if running IPVS with IPv6 workloads
  • Monitor NVD for CVSS scoring once analysis is complete
  • Assess IPVS deployment configurations for IPv6 traffic exposure
  • Verify checksum validation behavior in test environments before production deployment

Evidence notes

The CVE description and kernel commit references confirm this is a resolved logic error in IPv6 extension header handling within IPVS. No CVSS score or severity rating has been assigned as of the CVE publication date. The vulnerability status in NVD is 'Awaiting Analysis'.

Official resources

Disclosed via Linux kernel stable tree commits on 2026-05-27. The vulnerability was resolved with patches to the IPVS IPv6 checksum handling code.