CVE-2026-43089
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/05/2026
Last modified:
06/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
xfrm_user: fix info leak in build_mapping()<br />
<br />
struct xfrm_usersa_id has a one-byte padding hole after the proto<br />
field, which ends up never getting set to zero before copying out to<br />
userspace. Fix that up by zeroing out the whole structure before<br />
setting individual variables.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02
- https://git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2
- https://git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10
- https://git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d
- https://git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c