CVE-2026-43035

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field.

The fix simply zeroes tcm_info alongside the other fields that are already initialized.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 903c3405cfcc7700260e456ab66a5867586c9e69affected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 71a3eda7e850ae844cb8993065f4e410c11a46ceaffected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3affected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < e35f5195cd44ff4053fbc5d71ea97681728a0099affected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < d6db08484c6cb3d4ad696246f9d288eceba2a078affected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 906997ea3766c24fbbf9cc4bf17c047315bbd138affected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 1091b3c174441a52fdbb92e2fe00338f9371a91caffected
LinuxLinux32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < e6e3eb5ee89ac4c163d46429391c889a1bb5e404affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.168 <= 6.1.*unaffected
LinuxLinux6.6.134 <= 6.6.*unaffected
LinuxLinux6.12.81 <= 6.12.*unaffected
LinuxLinux6.18.22 <= 6.18.*unaffected
LinuxLinux6.19.12 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References