Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43107
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-06 May, 2026 | 07:40
Updated At-06 May, 2026 | 07:40
Rejected At-
▼CVE Numbering Authority (CNA)
xfrm: account XFRMA_IF_ID in aevent size calculation

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic. Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xfrm/xfrm_user.c
Default Status
unaffected
Versions
Affected
  • From 7e6526404adedf079279aa7aa11722deaca8fe2e before 2c41283d94af943a05f7f2cc1a01f0c872f3cf43 (git)
  • From 7e6526404adedf079279aa7aa11722deaca8fe2e before e62e322ea20be78e346e4b49f9a6b9f03313af4c (git)
  • From 7e6526404adedf079279aa7aa11722deaca8fe2e before 58e5735d1a5373652f405a0c16e54ac04aaab0ad (git)
  • From 7e6526404adedf079279aa7aa11722deaca8fe2e before 7081d46d32312f1a31f0e0e99c6835a394037599 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xfrm/xfrm_user.c
Default Status
affected
Versions
Affected
  • 4.19
Unaffected
  • From 0 before 4.19 (semver)
  • From 6.12.83 through 6.12.* (semver)
  • From 6.18.24 through 6.18.* (semver)
  • From 6.19.14 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
N/A
https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c
N/A
https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
N/A
https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
N/A
Hyperlink: https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599
Resource: N/A
Details not found