CVE-2026-43107

Published: May 6, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic. Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.

Vendor	Product	Versions
Linux	Linux	affected `7e6526404adedf079279aa7aa11722deaca8fe2e - < 2c41283d94af943a05f7f2cc1a01f0c872f3cf43` affected `7e6526404adedf079279aa7aa11722deaca8fe2e - < e62e322ea20be78e346e4b49f9a6b9f03313af4c` affected `7e6526404adedf079279aa7aa11722deaca8fe2e - < 58e5735d1a5373652f405a0c16e54ac04aaab0ad` affected `7e6526404adedf079279aa7aa11722deaca8fe2e - < 7081d46d32312f1a31f0e0e99c6835a394037599`
Linux	Linux	affected `4.19` unaffected `0 - < 4.19` unaffected `6.12.83 - <= 6.12.` unaffected `6.18.24 - <= 6.18.` unaffected `6.19.14 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43

https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c

https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad

https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43107

Description

Affected Products

References