CVE-2026-43107
MEDIUM EPSS 1.7%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic. Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-131
Affected Products 10
References 4
- git.kernel.org https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
- git.kernel.org https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
- git.kernel.org https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
- git.kernel.org https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c
Remediation
- git.kernel.org https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
- git.kernel.org https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
- git.kernel.org https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
- git.kernel.org https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c