GHSA-jmmv-2hp7-p7g5unknown

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict...

Published
June 25, 2026
Last Modified
June 25, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

tcp: restrict SO_ATTACH_FILTER to priv users

This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability.

This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.

🔗 References (8)