CVE-2026-43091
HIGH EPSS 2.9%
Published May 6, 20261mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their read-side critical sections first. The policy_bydst tables are published via rcu_assign_pointer() and are looked up through rcu_dereference_check(), so netns teardown must also wait for an RCU grace period before freeing the table memory. Fix this by adding synchronize_rcu() before freeing the policy hash tables.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.9 – <6.6.136 |
| linux | linux_kernel | * | ≥6.7 – <6.12.83 |
| linux | linux_kernel | * | ≥6.13 – <6.18.24 |
| linux | linux_kernel | * | ≥6.19 – <6.19.14 |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 5
- git.kernel.org https://git.kernel.org/stable/c/069daad4f2ae9c5c108131995529d5f02392c446
- git.kernel.org https://git.kernel.org/stable/c/33a3149dd81a1e2f52b80ee1e0fc380b39f3d028
- git.kernel.org https://git.kernel.org/stable/c/3733fce2871c9bca9dd18a1a23b1432ea215a094
- git.kernel.org https://git.kernel.org/stable/c/438b1f668ad58f46ce699bb48e4698a7839e3f9e
- git.kernel.org https://git.kernel.org/stable/c/b66920a3348c0f63ba18365248fa21fbf0b3a937
Remediation
- git.kernel.org https://git.kernel.org/stable/c/069daad4f2ae9c5c108131995529d5f02392c446
- git.kernel.org https://git.kernel.org/stable/c/33a3149dd81a1e2f52b80ee1e0fc380b39f3d028
- git.kernel.org https://git.kernel.org/stable/c/3733fce2871c9bca9dd18a1a23b1432ea215a094
- git.kernel.org https://git.kernel.org/stable/c/438b1f668ad58f46ce699bb48e4698a7839e3f9e
- git.kernel.org https://git.kernel.org/stable/c/b66920a3348c0f63ba18365248fa21fbf0b3a937