CVE-2026-43040

Sažetak

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.

Reference

https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05
https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c
https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648
https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4
https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d
https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f
https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c
https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

01-05-2026 - 15:24

Objavljeno

01-05-2026 - 15:16