High severity8.2NVD Advisory· Published May 6, 2026· Updated May 11, 2026
CVE-2026-43190
CVE-2026-43190
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_tcpmss: check remaining length before reading optlen
Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads op[i+1] directly without validating the remaining option length.
If the last byte of the option field is not EOL/NOP (0/1), the code attempts to index op[i+1]. In the case where i + 1 == optlen, this causes an out-of-bounds read, accessing memory past the optlen boundary (either reading beyond the stack buffer _opt or the following payload).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
91cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.12.1,<5.10.252
- cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*
- osv-coords83 versionspkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
< 4.18.0-553.126.1.el8_10+ 82 more
- (no CPE)range: < 4.18.0-553.126.1.el8_10
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 5.14.0-687.12.1.el9_8
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
- (no CPE)range: < 3.0.101-108.210.1
Patches
Vulnerability mechanics
References
8- git.kernel.org/stable/c/07a9b32eaae792ff7d0fcac14d8920c937c0a9c3nvdPatch
- git.kernel.org/stable/c/5e13d0a37666955b6cfddc0f73cb40ed645b8a05nvdPatch
- git.kernel.org/stable/c/735ee8582da3d239eb0c7a53adca61b79fb228b3nvdPatch
- git.kernel.org/stable/c/8b300f726640c48c3edfe9c453334dd801f4b74envdPatch
- git.kernel.org/stable/c/cd5beda7e0e32865e214f28034bb92c1cecff885nvdPatch
- git.kernel.org/stable/c/eaedc0bc18be46fe7f58170e967959a932c4f824nvdPatch
- git.kernel.org/stable/c/f6c412dcfd76b0516d51aa847d8f4c7b70381b09nvdPatch
- git.kernel.org/stable/c/f895191dc32c53eaf443b6443fe40945b2f92287nvdPatch
News mentions
0No linked articles in our index yet.