Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43197
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-06 May, 2026 | 11:28
Updated At-11 May, 2026 | 22:19
Rejected At-
▼CVE Numbering Authority (CNA)
netconsole: avoid OOB reads, msg is not nul-terminated

In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 ("netconsole: convert to NBCON console infrastructure") the message would be placed in printk_shared_pbufs, a static global buffer, so KASAN had harder time catching OOB accesses. Now we see: printk: console [netcon_ext0] enabled BUG: KASAN: slab-out-of-bounds in string+0x1f7/0x240 Read of size 1 at addr ffff88813b6d4c00 by task pr/netcon_ext0/594 CPU: 65 UID: 0 PID: 594 Comm: pr/netcon_ext0 Not tainted 6.19.0-11754-g4246fd6547c9 Call Trace: kasan_report+0xe4/0x120 string+0x1f7/0x240 vsnprintf+0x655/0xba0 scnprintf+0xba/0x120 netconsole_write+0x3fe/0xa10 nbcon_emit_next_record+0x46e/0x860 nbcon_kthread_func+0x623/0x750 Allocated by task 1: nbcon_alloc+0x1ea/0x450 register_console+0x26b/0xe10 init_netconsole+0xbb0/0xda0 The buggy address belongs to the object at ffff88813b6d4000 which belongs to the cache kmalloc-4k of size 4096 The buggy address is located 0 bytes to the right of allocated 3072-byte region [ffff88813b6d4000, ffff88813b6d4c00)

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/netconsole.c
Default Status
unaffected
Versions
Affected
  • From c62c0a17f9b7398022f9eebe547878033264f81f before 3126a2f98beaec5a554a1fb31c46db1e8542665e (git)
  • From c62c0a17f9b7398022f9eebe547878033264f81f before 74ab1456eaa3b2eb986138f9e1f4cb37e73b6f58 (git)
  • From c62c0a17f9b7398022f9eebe547878033264f81f before 82aec772fca2223bc5774bd9af486fd95766e578 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/netconsole.c
Default Status
affected
Versions
Affected
  • 6.6
Unaffected
  • From 0 before 6.6 (semver)
  • From 6.18.16 through 6.18.* (semver)
  • From 6.19.6 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://git.kernel.org/stable/c/3126a2f98beaec5a554a1fb31c46db1e8542665e
N/A
https://git.kernel.org/stable/c/74ab1456eaa3b2eb986138f9e1f4cb37e73b6f58
N/A
https://git.kernel.org/stable/c/82aec772fca2223bc5774bd9af486fd95766e578
N/A
Hyperlink: https://git.kernel.org/stable/c/3126a2f98beaec5a554a1fb31c46db1e8542665e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/74ab1456eaa3b2eb986138f9e1f4cb37e73b6f58
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/82aec772fca2223bc5774bd9af486fd95766e578
Resource: N/A
Details not found