Linux Kernel Vulnerability in IPv6 Router Advertisement Processing
CVE-2026-43040

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-43040?

A vulnerability has been identified in the Linux kernel’s handling of Router Advertisements (RA) with user options. This flaw arises when the kernel builds an RTM_NEWNDUSEROPT netlink message without properly zeroing out the padding fields in the nduseroptmsg struct. As a result, sensitive kernel data may be inadvertently leaked, posing a potential risk to system integrity. The introduced fix ensures that these padding fields are initialized to zero, effectively mitigating the risk of information disclosure during RA processing.
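The padding leak described above, reproduced in userspace as an added example (not kernel code and not the upstream patch). The struct is a renamed mirror of nduseroptmsg; the helper names, the sample field values and the 0xA5 filler standing in for stale kernel memory are constructed for illustration, and the page does not show how the actual fix zeroes the fields.

```c
#include <stddef.h>
#include <string.h>

/* Userspace mirror of struct nduseroptmsg (linux/rtnetlink.h), renamed here. */
struct nduseroptmsg_mirror {
    unsigned char  nduseropt_family;
    unsigned char  nduseropt_pad1;
    unsigned short nduseropt_opts_len;
    int            nduseropt_ifindex;
    unsigned char  nduseropt_icmp_type;
    unsigned char  nduseropt_icmp_code;
    unsigned short nduseropt_pad2;
    unsigned int   nduseropt_pad3;
};

/* Count non-zero bytes in the three padding fields of a received header.
 * Returns -1 if the buffer is too short to hold the header. */
int nonzero_pad_bytes(const unsigned char *msg, size_t len) {
    static const struct { size_t off, n; } pads[] = {
        { offsetof(struct nduseroptmsg_mirror, nduseropt_pad1), sizeof(unsigned char) },
        { offsetof(struct nduseroptmsg_mirror, nduseropt_pad2), sizeof(unsigned short) },
        { offsetof(struct nduseroptmsg_mirror, nduseropt_pad3), sizeof(unsigned int) },
    };
    int count = 0;
    if (len < sizeof(struct nduseroptmsg_mirror)) return -1;
    for (size_t i = 0; i < sizeof pads / sizeof pads[0]; i++)
        for (size_t j = 0; j < pads[i].n; j++)
            count += msg[pads[i].off + j] != 0;
    return count;
}

/* Build a header over stale bytes (0xA5 is a constructed stand-in for
 * leftover kernel memory); zero_pads selects the fixed variant. */
int build_and_check(int zero_pads) {
    struct nduseroptmsg_mirror h;
    unsigned char wire[sizeof h];
    memset(&h, 0xA5, sizeof h);
    h.nduseropt_family = 10;       /* AF_INET6 */
    h.nduseropt_opts_len = 16;     /* constructed sample values */
    h.nduseropt_ifindex = 2;
    h.nduseropt_icmp_type = 134;   /* Router Advertisement */
    h.nduseropt_icmp_code = 0;
    if (zero_pads)                 /* the fix: padding fields set to zero */
        h.nduseropt_pad1 = h.nduseropt_pad2 = h.nduseropt_pad3 = 0;
    memcpy(wire, &h, sizeof h);
    return nonzero_pad_bytes(wire, sizeof wire);
}

int main(void) { return build_and_check(1) != 0; }
```

nonzero_pad_bytes() can also be pointed at the header of a captured RTM_NEWNDUSEROPT payload: any non-zero result means the sender left padding uninitialized.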

Affected Version(s)

Linux 31910575a9de61e78065e93846e8e7a4894a18bf < 1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c

Linux 31910575a9de61e78065e93846e8e7a4894a18bf < 2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648

Linux 31910575a9de61e78065e93846e8e7a4894a18bf < 11d7fe97421cfc81549940c20ed5ac9472d6db05

Timeline

  • Vulnerability published

  • Vulnerability Reserved
