CVE-2026-43035
Published: May 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e - < 903c3405cfcc7700260e456ab66a5867586c9e69affected 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e - < 71a3eda7e850ae844cb8993065f4e410c11a46ceaffected 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e - < 4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3affected 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e - < e35f5195cd44ff4053fbc5d71ea97681728a0099affected 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e - < d6db08484c6cb3d4ad696246f9d288eceba2a078+3 more versions |
Linux | Linux | affected 4.19unaffected 0 - < 4.19unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now