CVE-2026-43089

Summary

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_mapping()

struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 521385cbd50ca9474396d88462fcdfa6489685d9affected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < c2779ae9a3e5a044e5ccd564681511bbbcc5fc0faffected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 72a8de41c3eb4dcf22bf3b674ea38fb2f75d6f32affected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < d3125c541a96fb3c0fc7210112684baf22b6c24daffected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 5a1a4b049ddde41466ccac0daeec326254b133f2affected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < f779a6b6cdb6e12baa0663063ac59ab2a8f20c0caffected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 700c9622b23c33b5933e6dcea816492c064e4e10affected
LinuxLinux3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 1beb76b2053b68c491b78370794b8ff63c8f8c02affected
LinuxLinux2.6.29affected
LinuxLinux0 < 2.6.29unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.136 <= 6.6.*unaffected
LinuxLinux6.12.83 <= 6.12.*unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References