Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43341
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-08 May, 2026 | 13:37
Updated At-11 May, 2026 | 22:22
Rejected At-
▼CVE Numbering Authority (CNA)
net/ipv6: ioam6: prevent schema length wraparound in trace fill

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps from 256 to 0, and bypasses the remaining-space check. __ioam6_fill_trace_data() then positions the write cursor without reserving the schema area but still copies the 4-byte schema header and the full schema payload, overrunning the trace buffer. Keep sclen in an unsigned int so the remaining-space check and the write cursor calculation both see the full schema length.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ioam6.c
Default Status
unaffected
Versions
Affected
  • From 8c6f6fa6772696be0c047a711858084b38763728 before e96d48b37708d53cbdc47f6f60b0714fc4a5f596 (git)
  • From 8c6f6fa6772696be0c047a711858084b38763728 before d1b041080086e91d3733a5438a8c51ad5d3d8e09 (git)
  • From 8c6f6fa6772696be0c047a711858084b38763728 before 77695a69baca9b99d95fad09fc78c2318736604f (git)
  • From 8c6f6fa6772696be0c047a711858084b38763728 before 184d2e9db27c0f76226b5cad16fe29510a5d2280 (git)
  • From 8c6f6fa6772696be0c047a711858084b38763728 before d6e1c9b02d85a4f1f4ba6d68e916d9b610a3ed7d (git)
  • From 8c6f6fa6772696be0c047a711858084b38763728 before 5e67ba9bb531e1ec6599a82a065dea9040b9ce50 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ioam6.c
Default Status
affected
Versions
Affected
  • 5.15
Unaffected
  • From 0 before 5.15 (semver)
  • From 6.1.168 through 6.1.* (semver)
  • From 6.6.134 through 6.6.* (semver)
  • From 6.12.81 through 6.12.* (semver)
  • From 6.18.22 through 6.18.* (semver)
  • From 6.19.12 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/e96d48b37708d53cbdc47f6f60b0714fc4a5f596
N/A
https://git.kernel.org/stable/c/d1b041080086e91d3733a5438a8c51ad5d3d8e09
N/A
https://git.kernel.org/stable/c/77695a69baca9b99d95fad09fc78c2318736604f
N/A
https://git.kernel.org/stable/c/184d2e9db27c0f76226b5cad16fe29510a5d2280
N/A
https://git.kernel.org/stable/c/d6e1c9b02d85a4f1f4ba6d68e916d9b610a3ed7d
N/A
https://git.kernel.org/stable/c/5e67ba9bb531e1ec6599a82a065dea9040b9ce50
N/A
Hyperlink: https://git.kernel.org/stable/c/e96d48b37708d53cbdc47f6f60b0714fc4a5f596
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d1b041080086e91d3733a5438a8c51ad5d3d8e09
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/77695a69baca9b99d95fad09fc78c2318736604f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/184d2e9db27c0f76226b5cad16fe29510a5d2280
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d6e1c9b02d85a4f1f4ba6d68e916d9b610a3ed7d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/5e67ba9bb531e1ec6599a82a065dea9040b9ce50
Resource: N/A
Details not found