CVE Vulnerability Details :
CVE-2026-43089
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 06 May, 2026 | 07:40
Updated At: 06 May, 2026 | 07:40
Rejected At:
CVE Numbering Authority (CNA)
xfrm_user: fix info leak in build_mapping()

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_mapping()

struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.
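The padding-hole pattern described above, as an added user-space example that is not the kernel's code or the fix commit. The struct `usersa_id_demo`, the global `msg_slot`, the `POISON` marker and all function names are assumptions made for illustration; the struct only mimics a layout with one byte of padding after `proto`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct xfrm_usersa_id (assumed layout, not the kernel header). */
struct usersa_id_demo {
    uint32_t daddr[4];  /* 16-byte address */
    uint32_t spi;
    uint16_t family;
    uint8_t  proto;     /* 1 byte of tail padding follows to restore 4-byte alignment */
};

#define POISON 0xAA     /* constructed marker standing in for stale kernel memory */

struct usersa_id_demo msg_slot;  /* stands in for the message payload sent to userspace */

/* Offset of the first byte after proto (the padding hole), and the hole's size. */
size_t hole_offset(void) { return offsetof(struct usersa_id_demo, proto) + sizeof(uint8_t); }
size_t hole_size(void) { return sizeof(struct usersa_id_demo) - hole_offset(); }

/* Set fields one by one; zero_first=0 is the pre-fix pattern, 1 the fixed pattern. */
void fill_id(struct usersa_id_demo *id, int zero_first,
             uint32_t spi, uint16_t family, uint8_t proto)
{
    if (zero_first)
        memset(id, 0, sizeof(*id));          /* clears members and padding alike */
    memset(id->daddr, 0, sizeof(id->daddr));
    id->spi = spi;
    id->family = family;
    id->proto = proto;                       /* member stores never touch the hole */
}

/* Returns the padding byte exactly as a receiver of the raw bytes would see it. */
uint8_t hole_byte_seen_by_receiver(int zero_first)
{
    unsigned char wire[sizeof(msg_slot)];
    memset(&msg_slot, POISON, sizeof(msg_slot));   /* buffer previously held other data */
    fill_id(&msg_slot, zero_first, 0x1234, 2, 50); /* constructed sample values */
    memcpy(wire, &msg_slot, sizeof(wire));         /* stands in for the copy to userspace */
    return wire[hole_offset()];
}

int main(void)
{
    printf("size=%zu hole at %zu (%zu byte)\n", sizeof(msg_slot), hole_offset(), hole_size());
    printf("field-by-field: 0x%02x\n", hole_byte_seen_by_receiver(0));
    printf("zeroed first:   0x%02x\n", hole_byte_seen_by_receiver(1));
    return 0;
}
```

On a kernel build with debug info, `pahole -C xfrm_usersa_id vmlinux` reports the real structure's holes and padding, which is a quick way to audit other structures copied to userspace for the same problem.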

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xfrm/xfrm_user.c
Default Status
unaffected
Versions
Affected
  • From 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 before d3125c541a96fb3c0fc7210112684baf22b6c24d (git)
  • From 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 before 5a1a4b049ddde41466ccac0daeec326254b133f2 (git)
  • From 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 before f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c (git)
  • From 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 before 700c9622b23c33b5933e6dcea816492c064e4e10 (git)
  • From 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 before 1beb76b2053b68c491b78370794b8ff63c8f8c02 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xfrm/xfrm_user.c
Default Status
affected
Versions
Affected
  • 2.6.29
Unaffected
  • From 0 before 2.6.29 (semver)
  • From 6.6.136 through 6.6.* (semver)
  • From 6.12.83 through 6.12.* (semver)
  • From 6.18.24 through 6.18.* (semver)
  • From 6.19.14 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d
  • https://git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2
  • https://git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c
  • https://git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10
  • https://git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02