CVE-2026-43088
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/05/2026
Last modified: 06/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net: af_key: zero aligned sockaddr tail in PF_KEY exports

PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr
payload space, so IPv6 addresses occupy 32 bytes on the wire. However,
`pfkey_sockaddr_fill()` initializes only the first 28 bytes of
`struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized.

Not every PF_KEY message is affected. The state and policy dump builders
already zero the whole message buffer before filling the sockaddr
payloads. Keep the fix to the export paths that still append aligned
sockaddr payloads with plain `skb_put()`:

- `SADB_ACQUIRE`
- `SADB_X_NAT_T_NEW_MAPPING`
- `SADB_X_MIGRATE`

Fix those paths by clearing only the aligned sockaddr tail after
`pfkey_sockaddr_fill()`.
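
The 28-versus-32-byte mismatch described above, modelled in userspace C as an added example (this is not the kernel patch or kernel code). The names `align8`, `tail_len`, `fill_in6` and `stale_tail_bytes` are hypothetical, and the 0xAA pattern is a constructed stand-in for uninitialized memory.

```c
/* Added illustration: a userspace model of the sizes described above.
 * All function names are hypothetical; this is not kernel code. */
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PF_KEY payloads are laid out in 8-byte units. */
static size_t align8(size_t n) { return (n + 7) & ~(size_t)7; }

/* Bytes reserved for an IPv6 sockaddr but not covered by the struct. */
static size_t tail_len(void)
{
    return align8(sizeof(struct sockaddr_in6)) - sizeof(struct sockaddr_in6);
}

/* Models a fill routine that writes exactly one struct sockaddr_in6. */
static size_t fill_in6(unsigned char *dst)
{
    struct sockaddr_in6 sin6;

    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    sin6.sin6_addr = in6addr_loopback;
    memcpy(dst, &sin6, sizeof(sin6));
    return sizeof(sin6);
}

/* Fill a slot that holds stale data (constructed 0xAA pattern) and return
 * how many stale bytes remain inside the reserved, aligned region. */
static size_t stale_tail_bytes(int zero_tail)
{
    unsigned char slot[64];
    size_t reserved = align8(sizeof(struct sockaddr_in6));
    size_t filled, i, stale = 0;

    memset(slot, 0xAA, sizeof(slot));  /* stands in for uninitialized memory */
    filled = fill_in6(slot);
    if (zero_tail)
        memset(slot + filled, 0, reserved - filled);  /* clear only the tail */
    for (i = filled; i < reserved; i++)
        stale += (slot[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("tail=%zu unfixed=%zu fixed=%zu\n",
           tail_len(), stale_tail_bytes(0), stale_tail_bytes(1));
    return 0;
}
```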



