CVE-2026-43093

Summary

In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame

The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted.

HW typically works with 128-aligned sizes so let us provide this value as bare minimum.

Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 5f123bc278bf4e3283d8606321bebbfd299f4384affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 1a6051cd7e3e4c54ff3854a43b638b9292af5e67affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 8769708add9eadeea8041a9761771bb715a87104affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < a03975beb9f6af0d8ac051e30b2abeabe618414faffected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 0ec4d3f6e6934deb843b561ae048cd17218e5ad1affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < 6523bc1b40e69301f24c14338b762af4739d6d39affected
LinuxLinux99e3a236dd43d06c65af0a2ef9cb44306aef6e02 < a315e022a72d95ef5f1d4e58e903cb492b0ad931affected
LinuxLinuxad8fb61c184fe0f8d1e0b5b954d010fb9f94a6eeaffected
LinuxLinux25c9cdef57488578da21d99eb614b97ffcf6e59faffected
LinuxLinux98d3c852e63b49129515dd18c875999efaf8530aaffected
LinuxLinux4.19.118 < 4.20affected
LinuxLinux5.4.35 < 5.5affected
LinuxLinux5.6.7 < 5.7affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.136 <= 6.6.*unaffected
LinuxLinux6.12.83 <= 6.12.*unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References