Linux Kernel Vulnerability in IPVS Scheduler Affecting Multiple Versions
CVE-2026-43086
What is CVE-2026-43086?
A vulnerability has been identified in the Linux kernel's IPVS (IP Virtual Server) implementation. After the ip_vs_add_service function successfully binds a scheduler, it does not retain the correct scheduler reference, so the error-handling path dereferences a NULL pointer, which can lead to a kernel panic. Specifically, if an error occurs during the estimation process after binding, the cleanup function erroneously accesses a NULL pointer, which triggers a critical failure in the system. The issue has been more pronounced in recent kernel versions and must be addressed to ensure system stability and prevent crashes.
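The failure pattern described above, as an added example that is not the kernel's code: a user-space C model in which every name (`add_service`, `bind_sched`, `unbind_sched`, the return codes) is hypothetical, and which assumes the local scheduler pointer is cleared after a successful bind. The model reports the NULL case instead of dereferencing it, so the flawed and corrected cleanup paths can be compared.

```c
#include <stddef.h>
#include <stdio.h>
/* User-space model only. Every name is hypothetical; this is not kernel code. */
struct sched   { int users; };
struct service { struct sched *bound; };

enum { OK = 0, ERR_EST = -1, WOULD_NULL_DEREF = -2 };

static void bind_sched(struct service *svc, struct sched *s)
{
    svc->bound = s;
    s->users++;
}

/* Cleanup helper that trusts its argument. The model reports the NULL case
 * instead of crashing so both variants can be run side by side. */
static int unbind_sched(struct service *svc, struct sched *s)
{
    if (s == NULL)
        return WOULD_NULL_DEREF;  /* unchecked code would read through s here */
    s->users--;
    svc->bound = NULL;
    return OK;
}

/* use_bound == 0: cleanup gets the local pointer, already cleared (flawed).
 * use_bound == 1: cleanup gets the reference the service still holds. */
int add_service(struct sched *s, int estimator_fails, int use_bound)
{
    struct service svc = { NULL };
    struct sched *local = s;
    int rc;

    bind_sched(&svc, local);
    local = NULL;                 /* assumption: local reference dropped after bind */

    if (!estimator_fails)
        return OK;
    rc = unbind_sched(&svc, use_bound ? svc.bound : local);  /* error after bind */
    return rc == OK ? ERR_EST : rc;
}

int main(void)
{
    struct sched a = { 0 }, b = { 0 };
    printf("flawed cleanup: %d\n", add_service(&a, 1, 0));
    printf("fixed cleanup:  %d\n", add_service(&b, 1, 1));
    return 0;
}
```

In the flawed variant the scheduler's user count also stays elevated after the failed call, because the cleanup never reached the object it was meant to release.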
Affected Version(s)
Linux 705dd34440812735ece298eb5bc153fde9544d42 < 730663352c9178f33fcf5929f4a37c1f1ca5a693
Linux 705dd34440812735ece298eb5bc153fde9544d42 < 4039959315008888dd53c37674d33351817a5166
Linux 705dd34440812735ece298eb5bc153fde9544d42