VDB

CVE-2026-43040

CVE-2026-43040 PUBLISHED

Reported by Linux · Published May 1, 2026

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak

When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data.

The fix is simple, just zeroes the padding fields.
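The pattern described above, as an added userspace example (not the kernel patch and not code from this page): the struct mirrors the field layout of `struct nduseroptmsg` in the kernel's uapi headers. The names `nduseropt_model`, `build`, `STALE` and the sample field values are assumptions made for the demonstration, and a constant marker stands in for leftover memory.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model of struct nduseroptmsg (kernel uapi linux/rtnetlink.h). */
struct nduseropt_model {
    unsigned char  nduseropt_family;
    unsigned char  nduseropt_pad1;
    unsigned short nduseropt_opts_len;
    int            nduseropt_ifindex;
    unsigned char  nduseropt_icmp_type;
    unsigned char  nduseropt_icmp_code;
    unsigned short nduseropt_pad2;
    unsigned int   nduseropt_pad3;
};
#define STALE 0xA5 /* constructed marker standing in for leftover memory */

/* Fill the header; the padding is zeroed only when zero_padding is set. */
static void build(struct nduseropt_model *m, int zero_padding) {
    memset(m, STALE, sizeof(*m)); /* assumption: buffer still holds old data */
    m->nduseropt_family = 10;     /* AF_INET6; values below are constructed */
    m->nduseropt_opts_len = 8;
    m->nduseropt_ifindex = 2;
    m->nduseropt_icmp_type = 134; /* Router Advertisement */
    m->nduseropt_icmp_code = 0;
    if (zero_padding)             /* models the fix: zero all three pad fields */
        m->nduseropt_pad1 = m->nduseropt_pad2 = m->nduseropt_pad3 = 0;
}

static size_t stale_in(const void *field, size_t len) {
    const unsigned char *p = field;
    size_t n = 0;
    while (len--) n += (*p++ == STALE);
    return n;
}

/* Bytes of stale memory a netlink listener would receive in the padding. */
static size_t leaked_pad_bytes(const struct nduseropt_model *m) {
    return stale_in(&m->nduseropt_pad1, sizeof m->nduseropt_pad1) +
           stale_in(&m->nduseropt_pad2, sizeof m->nduseropt_pad2) +
           stale_in(&m->nduseropt_pad3, sizeof m->nduseropt_pad3);
}

int main(void) {
    struct nduseropt_model a, b;
    build(&a, 0);
    build(&b, 1);
    printf("unfixed=%zu fixed=%zu\n", leaked_pad_bytes(&a), leaked_pad_bytes(&b));
    return 0;
}
```

The same byte-level check works as a regression test for any fixed-layout message header that is copied to userspace: pre-fill the buffer with a marker, build the message, and confirm that no marker bytes remain in reserved or padding fields.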

Risk Scores

EPSS Score
0.01%
2.5th percentile

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Linux | Linux | 31910575a9de61e78065e93846e8e7a4894a18bf, 31910575a9de61e78065e93846e8e7a4894a18bf, 31910575a9de61e78065e93846e8e7a4894a18bf |
| Linux | Linux | 2.6.24, 0, 5.10.253 |
| Linux | Linux | *, 5.15.203, 6.1.168 |
| linux | linux_kernel | 2.6.24, 2.6.24, 2.6.24 |

Timeline

  • May 1, 2026 CVE Published
  • May 11, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score
