Linux Kernel Vulnerability in ICSSG PRUETH Data Dispatch Mechanism
CVE-2026-43039

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43039?

A vulnerability exists in the Linux kernel's ICSSG PRUETH component where packet data is not copied correctly during data dispatch. This flaw leads to the transmission of uninitialized heap memory instead of legitimate packet data, resulting in potential leakage of sensitive kernel heap information to userspace. Additionally, the mishandling of buffer recycling can further corrupt memory management processes. Proper remediation involves copying received data from the XDP buffer and ensuring correct memory management practices to avoid state corruption in the page pool.

Affected Version(s)

Linux 7a64bb388df3cf091afdd047c701039a13acd3b4

Linux 7a64bb388df3cf091afdd047c701039a13acd3b4 < 5597dd284ff8c556c0b00f6a34473677426e3f81

Linux 6.19

References

https://git.kernel.org/stable/c/a968438d4fc17ee1dcdc3cfa4...

https://git.kernel.org/stable/c/5597dd284ff8c556c0b00f6a3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43039 Data

JSON