CVE-2026-43481

Published: May 13, 2026

Modified: May 20, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.

Vendor	Product	Versions
Linux	Linux	affected `4b623f9f0f59652ea71fcb27d60b4c3b65126dbb - < 8738dcc844fff7d0157ee775230e95df3b1884d7` affected `4b623f9f0f59652ea71fcb27d60b4c3b65126dbb - < 83f7b54242d0abbfce35a55c01322f50962ed3ee` affected `4b623f9f0f59652ea71fcb27d60b4c3b65126dbb - < 57885276cc16a2e2b76282c808a4e84cbecb3aae`
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.18.19 - <= 6.18.` unaffected `6.19.9 - <= 6.19.` unaffected `7.0 - <= *`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://git.kernel.org/stable/c/8738dcc844fff7d0157ee775230e95df3b1884d7

https://git.kernel.org/stable/c/83f7b54242d0abbfce35a55c01322f50962ed3ee

https://git.kernel.org/stable/c/57885276cc16a2e2b76282c808a4e84cbecb3aae

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43481

Description

Affected Products

CVSS v3.1 Details

References