VYPR
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-43107

CVE-2026-43107

Description

In the Linux kernel, the following vulnerability has been resolved:

xfrm: account XFRMA_IF_ID in aevent size calculation

xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set.

xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic.

Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14

Patches

Vulnerability mechanics

References

4

News mentions

1