CVE-2026-43107

MEDIUM EPSS 1.7%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic. Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-131

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥4.19  –  <6.12.83
linuxlinux_kernel*≥6.13  –  <6.18.24
linuxlinux_kernel*≥6.19  –  <6.19.14
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c
    Patch