Memory Leak Vulnerability in Linux Kernel Affects Multiple Distributions
CVE-2026-43090
What is CVE-2026-43090?
A memory leak has been identified in the Linux kernel involving the xfrm_policy_alloc function. The vulnerability arises from a double call to xfrm_pol_hold_rcu() within the xfrm_migrate_policy_find function, which unbalances the policy's reference count. The redundant call takes a reference that is never dropped, so the object is never freed, and the resulting memory leaks could affect system performance and resource allocation. The issue has been resolved in the latest updates.
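The refcount imbalance described above, as an added userspace model in C (not the kernel's code or the upstream patch): a lookup that takes two holds where its caller releases only one leaves the count above zero after the owner's final put, so the object is never freed. All `model_*` names and the hold-if-nonzero semantics are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model, not kernel code; all model_* names are hypothetical. */
struct model_policy { int refcnt; };

/* Assumed hold semantics: take a reference only while the count is nonzero. */
static bool model_hold(struct model_policy *p)
{
    return p->refcnt > 0 && ++p->refcnt > 0;
}

/* Drops one reference; frees the object and returns true on the last one. */
static bool model_put(struct model_policy *p)
{
    if (--p->refcnt > 0)
        return false;
    free(p);
    return true;
}

/* Lookup returning a held policy; double_hold reproduces the bug class. */
static struct model_policy *model_find(struct model_policy *p, bool double_hold)
{
    if (!model_hold(p))
        return NULL;
    if (double_hold)
        model_hold(p);          /* redundant hold: no caller ever puts it */
    return p;
}

/* alloc -> find -> caller put -> owner put; true if the object was freed. */
static bool model_lifecycle_frees(bool double_hold)
{
    struct model_policy *p = malloc(sizeof(*p));
    if (!p) abort();
    p->refcnt = 1;              /* the owner's reference */
    struct model_policy *found = model_find(p, double_hold);
    if (found) model_put(found);    /* caller releases its lookup reference */
    bool freed = model_put(p);      /* owner deletes the policy */
    if (!freed) free(p);        /* model cleanup only; this is the leaked object */
    return freed;
}

int main(void)
{
    printf("single hold freed: %d, double hold freed: %d\n", model_lifecycle_frees(false), model_lifecycle_frees(true));
    return 0;
}
```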
Affected Version(s)
Linux 563d5ca93e883b9dcb4b7dc8967ac569fd91820d < 21e235a36cfb6d145cefb10728f12f5dc5412f54
Linux 563d5ca93e883b9dcb4b7dc8967ac569fd91820d < 836ee1b0426ea3db31531e9581cc32f513d24e32
Linux 563d5ca93e883b9dcb4b7dc8967ac569fd91820d < 70c2a89a3bc207c3bfbf6f21bb439809e0a4a27a