CVE-2026-43040
Published: May 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 31910575a9de61e78065e93846e8e7a4894a18bf - < 1da9023f6b071a38e5430ffbce4b70b2b1ac4f9caffected 31910575a9de61e78065e93846e8e7a4894a18bf - < 2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648affected 31910575a9de61e78065e93846e8e7a4894a18bf - < 11d7fe97421cfc81549940c20ed5ac9472d6db05affected 31910575a9de61e78065e93846e8e7a4894a18bf - < 7f56d87e527bb5a13c3e8b0d5840cb6332822f6daffected 31910575a9de61e78065e93846e8e7a4894a18bf - < 4f810c686fde509d1cdaa706322d9d2531f8f1a4+3 more versions |
Linux | Linux | affected 2.6.24unaffected 0 - < 2.6.24unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now