Info Leak in Linux Kernel's xfrm_user Affects Security
CVE-2026-43089

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 May 2026

What is CVE-2026-43089?

In the Linux kernel, the xfrm_user interface has an information leak caused by a one-byte padding hole in struct xfrm_usersa_id. The padding is not zeroed before the structure is copied to user space, which may disclose sensitive data. The issue has been fixed by zeroing the entire structure before its fields are assigned.
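The padding hole and the effect of zeroing first, reproduced in user space as an added example (not kernel code and not the upstream patch). The mirror struct assumes the uapi field order daddr, spi, family, proto; `sa_id_mirror`, `first_padding_offset` and `stale_bytes_copied` are hypothetical names, and 0xAA is a constructed stand-in for stale memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space mirror; assumed to match the uapi layout of struct xfrm_usersa_id. */
typedef struct {
    uint32_t daddr[4];   /* stands in for xfrm_address_t (16 bytes) */
    uint32_t spi;
    uint16_t family;
    uint8_t  proto;      /* the compiler pads after this member */
} sa_id_mirror;
#define SZ     sizeof(sa_id_mirror)
#define FLD(m) { offsetof(sa_id_mirror, m), sizeof(((sa_id_mirror *)0)->m) }
static const struct { size_t off, len; } fields[] = {
    FLD(daddr), FLD(spi), FLD(family), FLD(proto) };
#define NFIELDS (sizeof(fields) / sizeof(fields[0]))

/* Offset of the first byte that no member covers, or -1 if there is none. */
int first_padding_offset(void)
{
    unsigned char covered[SZ] = {0};
    for (size_t f = 0; f < NFIELDS; f++)
        memset(covered + fields[f].off, 1, fields[f].len);
    for (size_t i = 0; i < SZ; i++)
        if (!covered[i]) return (int)i;
    return -1;
}

/* Fill a reply buffer member by member; count stale bytes left in it. */
int stale_bytes_copied(int zero_first)
{
    sa_id_mirror v = { {0}, 0x1234, 2, 50 };   /* constructed values */
    unsigned char out[SZ];
    int n = 0;
    memset(out, 0xAA, SZ);                 /* constructed stand-in for old memory */
    if (zero_first) memset(out, 0, SZ);    /* the fix: clear the whole struct first */
    /* Member stores done as byte copies so untouched bytes stay well defined. */
    for (size_t f = 0; f < NFIELDS; f++)
        memcpy(out + fields[f].off, (unsigned char *)&v + fields[f].off, fields[f].len);
    for (size_t i = 0; i < SZ; i++)
        n += (out[i] == 0xAA);
    return n;
}

int main(void)
{
    printf("size %zu, hole at %d, stale bytes: %d unfixed, %d fixed\n", SZ,
           first_padding_offset(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

The same field-coverage check can be pointed at any structure that crosses the kernel/user boundary to find bytes that member-wise assignment never writes.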

Affected Version(s)

Linux 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4

Linux 3a2dfbe8acb154905fdc2fd03ec56df42e6c4cc4 < 5a1a4b049ddde41466ccac0daeec326254b133f2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
