CVE-2026-43093
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: tighten UMEM headroom validation to account for tailroom and min frame
The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted.
HW typically works with 128-aligned sizes so let us provide this value as bare minimum.
Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 5f123bc278bf4e3283d8606321bebbfd299f4384 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 1a6051cd7e3e4c54ff3854a43b638b9292af5e67 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 8769708add9eadeea8041a9761771bb715a87104 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < a03975beb9f6af0d8ac051e30b2abeabe618414f | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 0ec4d3f6e6934deb843b561ae048cd17218e5ad1 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 6523bc1b40e69301f24c14338b762af4739d6d39 | affected |
| Linux | Linux | 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < a315e022a72d95ef5f1d4e58e903cb492b0ad931 | affected |
| Linux | Linux | ad8fb61c184fe0f8d1e0b5b954d010fb9f94a6ee | affected |
| Linux | Linux | 25c9cdef57488578da21d99eb614b97ffcf6e59f | affected |
| Linux | Linux | 98d3c852e63b49129515dd18c875999efaf8530a | affected |
| Linux | Linux | 4.19.118 < 4.20 | affected |
| Linux | Linux | 5.4.35 < 5.5 | affected |
| Linux | Linux | 5.6.7 < 5.7 | affected |
| Linux | Linux | 5.7 | affected |
| Linux | Linux | 0 < 5.7 | unaffected |
| Linux | Linux | 5.10.258 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.209 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.175 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.136 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.83 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.24 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.14 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5f123bc278bf4e3283d8606321bebbfd299f4384
- https://git.kernel.org/stable/c/1a6051cd7e3e4c54ff3854a43b638b9292af5e67
- https://git.kernel.org/stable/c/8769708add9eadeea8041a9761771bb715a87104
- https://git.kernel.org/stable/c/a03975beb9f6af0d8ac051e30b2abeabe618414f
- https://git.kernel.org/stable/c/0ec4d3f6e6934deb843b561ae048cd17218e5ad1
- https://git.kernel.org/stable/c/9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12
- https://git.kernel.org/stable/c/6523bc1b40e69301f24c14338b762af4739d6d39
- https://git.kernel.org/stable/c/a315e022a72d95ef5f1d4e58e903cb492b0ad931
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.