VYPR
Critical severity9.8NVD Advisory· Published May 8, 2026· Updated May 15, 2026

CVE-2026-43341

CVE-2026-43341

Description

In the Linux kernel, the following vulnerability has been resolved:

net/ipv6: ioam6: prevent schema length wraparound in trace fill

ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps from 256 to 0, and bypasses the remaining-space check. __ioam6_fill_trace_data() then positions the write cursor without reserving the schema area but still copies the 4-byte schema header and the full schema payload, overrunning the trace buffer.

Keep sclen in an unsigned int so the remaining-space check and the write cursor calculation both see the full schema length.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

61

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.