CVE-2026-43107

UNKNOWN 0.0

xfrm: account XFRMA_IF_ID in aevent size calculation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0) in xfrm_get_ae(), turning a malformed netlink interaction into a kernel panic. Account XFRMA_IF_ID in the size calculation unconditionally and replace the BUG_ON with normal error unwinding.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

7e6526404adedf079279aa7aa11722deaca8fe2e < 2c41283d94af943a05f7f2cc1a01f0c872f3cf43 7e6526404adedf079279aa7aa11722deaca8fe2e < e62e322ea20be78e346e4b49f9a6b9f03313af4c 7e6526404adedf079279aa7aa11722deaca8fe2e < 58e5735d1a5373652f405a0c16e54ac04aaab0ad 7e6526404adedf079279aa7aa11722deaca8fe2e < 7081d46d32312f1a31f0e0e99c6835a394037599

Linux / Linux

4.19

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43 git.kernel.org: https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c git.kernel.org: https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad git.kernel.org: https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599