CVE-2026-43083

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: ioam6: fix OOB and missing lock<br /> <br /> When trace-&gt;type.bit6 is set:<br /> <br /> if (trace-&gt;type.bit6) {<br /> ...<br /> queue = skb_get_tx_queue(dev, skb);<br /> qdisc = rcu_dereference(queue-&gt;qdisc);<br /> <br /> This code can lead to an out-of-bounds access of the dev-&gt;_tx[] array<br /> when is_input is true. In such a case, the packet is on the RX path and<br /> skb-&gt;queue_mapping contains the RX queue index of the ingress device. If<br /> the ingress device has more RX queues than the egress device (dev) has<br /> TX queues, skb_get_queue_mapping(skb) will exceed dev-&gt;num_tx_queues.<br /> Add a check to avoid this situation since skb_get_tx_queue() does not<br /> clamp the index. This issue has also revealed that per queue visibility<br /> cannot be accurate and will be replaced later as a new feature.<br /> <br /> While at it, add missing lock around qdisc_qstats_qlen_backlog(). The<br /> function __ioam6_fill_trace_data() is called from both softirq and<br /> process contexts, hence the use of spin_lock_bh() here.