CVE-2026-43036

MEDIUM EPSS 2.3%
Published May 1, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr() can rely on skb header offsets that are not always safe for direct dereference on packets injected from PF_PACKET paths. Use skb_header_pointer() for the TCPv4 frag_off check so the header read is robust whether data is already linear or needs copying. [1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥4.7  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/cc91202fc20a44aab4c206f12a2bfe05da936051
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d970341cfa5594614c7a6634886c7688b4f5cafd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7a6cd508e9e825a2c69fa9e13d41ee156852f25
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/cc91202fc20a44aab4c206f12a2bfe05da936051
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d970341cfa5594614c7a6634886c7688b4f5cafd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7a6cd508e9e825a2c69fa9e13d41ee156852f25
    Patch