CVE-2026-43040
Published: May 2, 2026Last modified: May 2, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.168-r0) |
| 25 LTS | linux-lts | Fixed (6.12.81-r0) | |
| Stream | linux-lts | Fixed (6.12.85-r0) |
References
- https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05
- https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c
- https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648
- https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4
- https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d
- https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f
- https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c
- https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67