Information Leak in Linux Kernel Due to Uninitialized Field in Netlink Messages
CVE-2026-43035

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43035?

A vulnerability exists in the Linux Kernel pertaining to netlink message handling within the tc_chain_fill_node function. This function fails to initialize the tcm_info field of the struct tcmsg, which can lead to the exposure of uninitialized memory. Consequently, sensitive kernel heap memory could inadvertently be leaked to userspace, potentially allowing unauthorized access to critical information. The issue has been addressed by ensuring that the tcm_info field is correctly zeroed during initialization, aligning it with the existing initialization routine for other fields.

Affected Version(s)

Linux 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 903c3405cfcc7700260e456ab66a5867586c9e69

Linux 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 71a3eda7e850ae844cb8993065f4e410c11a46ce

Linux 32a4f5ecd7381f30ae3bb36dea77a150ba68af2e < 4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3

References

https://git.kernel.org/stable/c/903c3405cfcc7700260e456ab...

https://git.kernel.org/stable/c/71a3eda7e850ae844cb899306...

https://git.kernel.org/stable/c/4ae5d23f51fb91d7d1140c6f1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43035 Data

JSON