CVE-2026-43088

MEDIUM EPSS 2.3%
Published May 6, 20261mo ago · Modified Jun 19, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 19, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, `pfkey_sockaddr_fill()` initializes only the first 28 bytes of `struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized. Not every PF_KEY message is affected. The state and policy dump builders already zero the whole message buffer before filling the sockaddr payloads. Keep the fix to the export paths that still append aligned sockaddr payloads with plain `skb_put()`: - `SADB_ACQUIRE` - `SADB_X_NAT_T_NEW_MAPPING` - `SADB_X_MIGRATE` Fix those paths by clearing only the aligned sockaddr tail after `pfkey_sockaddr_fill()`.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥2.6.12.1  –  <6.12.88
linuxlinux_kernel*≥6.13  –  <6.18.30
linuxlinux_kernel*≥6.19  –  <6.19.14
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/11cbf294bac623bd57296f231199193087f57b4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e74f974359b5382ecbe8536abbb5b837eb6c724
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c19cb8a84ef709d57943bd6664cf31cb91ba6ec
  • git.kernel.org https://git.kernel.org/stable/c/426c355742f02cf743b347d9d7dbdc1bfbfa31ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/edd446ee7cd3d02cac246168063d5b3e9ea68460
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/11cbf294bac623bd57296f231199193087f57b4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e74f974359b5382ecbe8536abbb5b837eb6c724
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/426c355742f02cf743b347d9d7dbdc1bfbfa31ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/edd446ee7cd3d02cac246168063d5b3e9ea68460
    Patch