Double Free Vulnerability in Linux Kernel's X.25 Networking Protocol
CVE-2026-43011

9.8 CRITICAL

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-43011?

A vulnerability exists in the Linux kernel's X.25 networking protocol code, where improper error handling leads to a double free of socket buffers. Specifically, under certain conditions in the x25_queue_rx_frame function, if memory allocation for a socket buffer fails, the code attempts to free the buffer again, which can corrupt memory. This flaw could be exploited to disrupt network functionality or cause a denial of service.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5d0aa038a90b30c9bedde0c41c1fdcd98ecb16e9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3f5e3005984645bf5bd129c6b13149879580b1fb

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
