MTU Validation Flaw in Linux Kernel Affects Networking Performance
CVE-2026-43092

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43092?

A vulnerability in the Linux kernel exists where the AF_XDP bind function accepts zero-copy pool configurations without proper validation against the device's Maximum Transmission Unit (MTU). When the chunk size is set to 2k, it may not accommodate the standard MTU of 1500, leading to potential performance issues. This oversight fails to check if the underlying hardware can satisfy the configured MTU relative to the XSK's frame size and the maximum segment length supported by the RX buffer chain. This could result in network instability and degraded performance.

Affected Version(s)

Linux 24ea50127ecf0efe819c1f6230add27abc6ca9d9

Linux 24ea50127ecf0efe819c1f6230add27abc6ca9d9 < 25e1e91a8da819924df0b16e3812d7b24c8ce133

References

https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873...

https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b2...

https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43092 Data

JSON