PatchSiren cyber security CVE debrief

CVE-2026-45952 Linux CVE debrief

A vulnerability in the Linux kernel's fbnic (Facebook/Meta network interface controller) driver allowed MTU increases after XDP attachment, causing multi-fragment packet drops. The driver previously blocked XDP attachment when MTU was too high but failed to prevent post-attachment MTU changes. When MTU exceeds the HDS (Header/Data Split) threshold, hardware fragments packets across multiple buffers; single-buffer XDP programs then drop all multi-frag frames, breaking TCP streams. The fix adds validation to prevent MTU changes that would exceed this threshold while XDP is active.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with Meta/Facebook fbnic network hardware using XDP for packet processing, particularly those with custom MTU configurations or dynamic network tuning.

Technical summary

The fbnic driver in the Linux kernel did not validate MTU changes after XDP program attachment. When MTU exceeds the HDS threshold, hardware fragments incoming packets. Single-buffer XDP programs cannot process multi-fragment frames, resulting in silent packet drops. This breaks new TCP streams and degrades network performance. The vulnerability is local (configuration change) with network impact. The fix adds runtime validation to reject MTU increases that would exceed the HDS threshold while XDP is attached.

Defensive priority

medium

Recommended defensive actions

  • Review systems using fbnic (Meta/Facebook NIC) hardware with XDP programs enabled
  • Verify kernel version includes the validation fix (check stable kernel updates with commits referenced in source material)
  • Audit network configurations for MTU changes on interfaces with active XDP attachments
  • Monitor for unexpected packet drops on TCP streams when XDP is in use
  • Apply kernel updates from distribution stable channels when available
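Added example for the audit step above (not from the advisory or the kernel source): a Python check that parses `ip -j link show` output and reports interfaces where an XDP program is attached and the MTU is above a configured threshold. The sample JSON is constructed, and `DEFAULT_HDS_THRESHOLD` is a placeholder because the page does not state fbnic's HDS threshold; the operator supplies the value for their hardware and limits the check to fbnic interfaces.

```python
import json

# Constructed sample of `ip -j link show` output (not captured from a real host).
# iproute2 reports an attached XDP program as an "xdp" object with a "prog" entry.
SAMPLE_IP_LINK_JSON = """
[
  {"ifindex": 1, "ifname": "lo", "flags": ["LOOPBACK", "UP"], "mtu": 65536},
  {"ifindex": 2, "ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP"], "mtu": 1500,
   "xdp": {"mode": 1, "prog": {"id": 42, "tag": "0123456789abcdef", "jited": 1}}},
  {"ifindex": 3, "ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "UP"], "mtu": 9000,
   "xdp": {"mode": 1, "prog": {"id": 43, "tag": "fedcba9876543210", "jited": 1}}},
  {"ifindex": 4, "ifname": "eth2", "flags": ["BROADCAST", "MULTICAST", "UP"], "mtu": 9000}
]
"""

# Placeholder: the advisory does not give fbnic's HDS threshold. Set this to the
# value that applies to the hardware and kernel being audited.
DEFAULT_HDS_THRESHOLD = 4096


def find_xdp_mtu_conflicts(ip_link_json: str,
                           hds_threshold: int = DEFAULT_HDS_THRESHOLD) -> list[dict]:
    """Return interfaces that carry an XDP program and whose MTU exceeds hds_threshold.

    A hit is the configuration the advisory describes: frames larger than the HDS
    threshold arrive as multiple fragments, which a single-buffer XDP program drops.
    """
    findings = []
    for link in json.loads(ip_link_json):
        xdp = link.get("xdp")
        if not xdp or "prog" not in xdp:
            continue  # no XDP program attached; a large MTU alone is not the issue
        mtu = int(link["mtu"])
        if mtu > hds_threshold:
            findings.append({
                "ifname": link["ifname"],
                "mtu": mtu,
                "xdp_prog_id": xdp["prog"].get("id"),
            })
    return findings


if __name__ == "__main__":
    # In practice: ip_link_json = subprocess.run(["ip", "-j", "link", "show"], ...).stdout
    for f in find_xdp_mtu_conflicts(SAMPLE_IP_LINK_JSON):
        print(f"{f['ifname']}: MTU {f['mtu']} exceeds HDS threshold "
              f"with XDP prog id {f['xdp_prog_id']} attached")
```

A reported interface should be checked for whether its XDP program handles multi-buffer frames; if it does not, either lower the MTU or detach the program until the patched kernel is in place.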

Evidence notes

CVE description confirms the vulnerability exists in the fbnic Ethernet driver. The issue is a logic gap: XDP attachment was blocked at high MTU, but MTU could still be increased afterward. Three kernel.org stable commits are referenced, indicating backports to stable kernel branches. No CVSS score or severity assigned yet (status: Awaiting Analysis per NVD).

Official resources

2026-05-27