VDB
CVE-2026-43089
CVE-2026-43089
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.
EPSS 0.01% · 2.3th percentile
Risk Scores
EPSS Score
0.01%
2.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 2.6.29, 2.6.29, 2.6.29 |
| Linux | Linux | 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4, 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4, 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 |
Timeline
- May 6, 2026 CVE Published
- May 6, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d url
- https://git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2 url
- https://git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c url
- https://git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10 url
- https://git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-43089 advisory