Medium severity5.5NVD Advisory· Published May 6, 2026· Updated Jun 1, 2026
CVE-2026-43089
CVE-2026-43089
Description
In the Linux kernel, the following vulnerability has been resolved:
xfrm_user: fix info leak in build_mapping()
struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.29.1,<6.6.136
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
8- git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02nvdPatch
- git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2nvdPatch
- git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10nvdPatch
- git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24dnvdPatch
- git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0cnvdPatch
- git.kernel.org/stable/c/521385cbd50ca9474396d88462fcdfa6489685d9nvd
- git.kernel.org/stable/c/72a8de41c3eb4dcf22bf3b674ea38fb2f75d6f32nvd
- git.kernel.org/stable/c/c2779ae9a3e5a044e5ccd564681511bbbcc5fc0fnvd
News mentions
0No linked articles in our index yet.