xfrm_user: fix info leak in build_mapping()
Summary
| CVE | CVE-2026-43089 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-06 10:16:22 UTC |
| Updated | 2026-06-01 17:17:02 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.000130000 probability, percentile 0.022920000 (date 2026-05-28)
Problem Types: CWE-401
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 521385cbd50ca9474396d88462fcdfa6489685d9 git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 c2779ae9a3e5a044e5ccd564681511bbbcc5fc0f git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 72a8de41c3eb4dcf22bf3b674ea38fb2f75d6f32 git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 d3125c541a96fb3c0fc7210112684baf22b6c24d git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 5a1a4b049ddde41466ccac0daeec326254b133f2 git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 700c9622b23c33b5933e6dcea816492c064e4e10 git | Not specified |
| CNA | Linux | Linux | affected 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 1beb76b2053b68c491b78370794b8ff63c8f8c02 git | Not specified |
| CNA | Linux | Linux | affected 2.6.29 | Not specified |
| CNA | Linux | Linux | unaffected 2.6.29 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.258 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.209 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.175 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.136 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.83 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.24 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.14 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/c2779ae9a3e5a044e5ccd564681511bbbcc5fc0f | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/521385cbd50ca9474396d88462fcdfa6489685d9 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/72a8de41c3eb4dcf22bf3b674ea38fb2f75d6f32 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.