CVE-2026-43040
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
When processing Router Advertisements with user options the kernel
builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct
has three padding fields that are never zeroed and can leak kernel data
The fix is simple, just zeroes the padding fields.
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
When processing Router Advertisements with user options the kernel
builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct
has three padding fields that are never zeroed and can leak kernel data
The fix is simple, just zeroes the padding fields.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux
External References
- https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05
- https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c
- https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648
- https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4
- https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d
- https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f
- https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c
- https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67
Discussion (0)
Add Comment
No comments yet. Be the first!