CVE-2026-43452

HIGH EPSS 35.4%
Published May 8, 20261mo ago · Modified Jun 17, 20262w ago
8.2 CVSS 3.1
High
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += op[i + 1] ? : 1 can read op[i + 1] past the end of the option area. Add an explicit i == optlen - 1 check before dereferencing op[i + 1] in xt_tcpudp and xt_dccp option walkers.

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
35.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥2.6.16  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.19
linuxlinux_kernel*≥6.19  –  <6.19.9
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/5b18b8b35c7cded2d17b2b2604c9b0694ff48d1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b94f0e42ed248eb31929da84ed9f5310d7ff540
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae1e1267650638136b84c23f2b31250f0ccb6823
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc18551c6169eac5ed813778d3e3e484002dbbe5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2a445367a496a3c25dbc940c10c8bd1cfd4c14a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c39f84e4be1be63fc60ca7141ea7b76edcea5907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfe770220ac2dbd3e104c6b45094037455da81d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d04800323336eebf441d153f43234eac9b833d36
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5b18b8b35c7cded2d17b2b2604c9b0694ff48d1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b94f0e42ed248eb31929da84ed9f5310d7ff540
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae1e1267650638136b84c23f2b31250f0ccb6823
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc18551c6169eac5ed813778d3e3e484002dbbe5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2a445367a496a3c25dbc940c10c8bd1cfd4c14a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c39f84e4be1be63fc60ca7141ea7b76edcea5907
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfe770220ac2dbd3e104c6b45094037455da81d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d04800323336eebf441d153f43234eac9b833d36
    Patch