CVE-2026-43481

HIGH 7.8

net-shapers: don't free reply skb after genlmsg_reply()

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

6th

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 13, 2026
Last Updated	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

4b623f9f0f59652ea71fcb27d60b4c3b65126dbb < 8738dcc844fff7d0157ee775230e95df3b1884d7 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb < 83f7b54242d0abbfce35a55c01322f50962ed3ee 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb < 57885276cc16a2e2b76282c808a4e84cbecb3aae

Linux / Linux

6.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/8738dcc844fff7d0157ee775230e95df3b1884d7 git.kernel.org: https://git.kernel.org/stable/c/83f7b54242d0abbfce35a55c01322f50962ed3ee git.kernel.org: https://git.kernel.org/stable/c/57885276cc16a2e2b76282c808a4e84cbecb3aae