In the Linux kernel, the following vulnerability has been resolved:

net: pull headers in qdisc_pkt_len_segs_init()

Most ndo_start_xmit() methods expects headers of gso packets
to be already in skb->head.

net/core/tso.c users are particularly at risk, because tso_build_hdr()
does a memcpy(hdr, skb->data, hdr_len);

qdisc_pkt_len_segs_init() already does a dissection of gso packets.

Use pskb_may_pull() instead of skb_header_pointer() to make
sure drivers do not have to reimplement this.

Some malicious packets could be fed, detect them so that we can
drop them sooner with a new SKB_DROP_REASON_SKB_BAD_GSO drop_reason.

https://git.kernel.org/stable/c/7fb4c19670110f052c04e1ec1d2b953b9f4f57e4

https://git.kernel.org/stable/c/9d4f5c68f5ad4ab425f3ce1500c97c9f9743999a

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/dropreason-core.h","net/core/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e876f208af18b074f800656e4d1b99da75b2135f","lessThan":"9d4f5c68f5ad4ab425f3ce1500c97c9f9743999a","versionType":"git","status":"affected"},{"version":"e876f208af18b074f800656e4d1b99da75b2135f","lessThan":"7fb4c19670110f052c04e1ec1d2b953b9f4f57e4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/dropreason-core.h","net/core/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.16","status":"affected"},{"version":"0","lessThan":"3.16","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]