CVEFinder.io

CVE-2026-43088

🔶 medium
🔍 Scan for this CVE
Summary

In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, `pfkey_sockaddr_fill()` initializes only the first 28 bytes of `struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized. Not every PF_KEY message is affected. The state and policy dump builders already zero the who

Description

In the Linux kernel, the following vulnerability has been resolved:

net: af_key: zero aligned sockaddr tail in PF_KEY exports

PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr
payload space, so IPv6 addresses occupy 32 bytes on the wire. However,
`pfkey_sockaddr_fill()` initializes only the first 28 bytes of
`struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized.

Not every PF_KEY message is affected. The state and policy dump builders
already zero the whole message buffer before filling the sockaddr
payloads. Keep the fix to the export paths that still append aligned
sockaddr payloads with plain `skb_put()`:

- `SADB_ACQUIRE`
- `SADB_X_NAT_T_NEW_MAPPING`
- `SADB_X_MIGRATE`

Fix those paths by clearing only the aligned sockaddr tail after
`pfkey_sockaddr_fill()`.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-06
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.6% of all 326,604 vulnerabilities in our database.

#220,252
Below average severity
Severity Percentile
Last Modified 2026-05-22
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

📦 Affected Products 5

Vendor Product Status Affected Versions
linux linux_kernel Affected
> 2.6.12.1 < 6.12.88
linux linux_kernel Affected
> 6.13 < 6.18.30
linux linux_kernel Affected
> 6.19 < 6.19.14
linux linux_kernel Affected
v2.6.12
linux linux_kernel Affected
v7.0

🔗 References 4

https://git.kernel.org/stable/c/11cbf294bac623bd5729...
Patch
https://git.kernel.org/stable/c/2e74f974359b5382ecbe...
Patch
https://git.kernel.org/stable/c/426c355742f02cf743b3...
Patch
https://git.kernel.org/stable/c/edd446ee7cd3d02cac24...
Patch

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-71313 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_wor... 2026-06-03
CVE-2025-71314 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches(... 2026-06-03
CVE-2026-46244 ⛔ critical 9.1 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync ... 2026-06-03
CVE-2026-46245 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD i... 2026-06-03
CVE-2026-46246 ⚠️ high 7.8 0.0 In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for e... 2026-06-03
CVE-2026-46247 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map ... 2026-06-03
These CVEs affect the same products