CVE-2026-43040

Sažetak

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.

Reference

https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05
https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c
https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648
https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4
https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d
https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f
https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c
https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67

CVSS

Base:	7.1
Impact:	5.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Zadnje važnije ažuriranje

08-05-2026 - 18:53

Objavljeno

01-05-2026 - 15:16