Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup[EOL][EOL]Raw IP packets have no MAC header, leaving skb->mac_header uninitialized.[EOL]This can trigger kernel panics on ARM64 when xfrm or other subsystems[EOL]access the offset due to strict alignment checks.[EOL][EOL]Initialize the MAC header to prevent such crashes.[EOL][EOL]This can trigger kernel panics on ARM when running IPsec over the[EOL]qmimux0 interface.[EOL][EOL]Example trace:[EOL][EOL] Internal error: Oops: 000000009600004f [#1] SMP[EOL] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1[EOL] Hardware name: LS1028A RDB Board (DT)[EOL] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)[EOL] pc : xfrm_input+0xde8/0x1318[EOL] lr : xfrm_input+0x61c/0x1318[EOL] sp : ffff800080003b20[EOL] Call trace:[EOL] xfrm_input+0xde8/0x1318[EOL] xfrm6_rcv+0x38/0x44[EOL] xfrm6_esp_rcv+0x48/0xa8[EOL] ip6_protocol_deliver_rcu+0x94/0x4b0[EOL] ip6_input_finish+0x44/0x70[EOL] ip6_input+0x44/0xc0[EOL] ipv6_rcv+0x6c/0x114[EOL] __netif_receive_skb_one_core+0x5c/0x8c[EOL] __netif_receive_skb+0x18/0x60[EOL] process_backlog+0x78/0x17c[EOL] __napi_poll+0x38/0x180[EOL] net_rx_action+0x168/0x2f0
