Kernel Vulnerability in Linux Affecting XFRM Interface Management
CVE-2026-43107
Currently unrated
What is CVE-2026-43107?
A vulnerability in the Linux kernel affects XFRM interface management: the size calculation for netlink reply messages does not account for the XFRMA_IF_ID attribute. As a result, the reply buffer can be too small for the attributes that the build_aevent function appends, so the function fails with -EMSGSIZE, and the normal error handling path then triggers a kernel panic. Accounting for XFRMA_IF_ID in the size calculation mitigates the issue and improves system stability during netlink interactions.
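An added example, not code from the kernel or from this advisory: a userspace C model of the mismatch described above, in which the size function omits XFRMA_IF_ID while the builder appends it. The helper names, the payload sizes and the rule that the attribute is sent only when if_id is non-zero are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: simplified netlink attribute accounting. */
#define NLA_HDRLEN   4u
#define NLA_ALIGN(n) (((n) + 3u) & ~(size_t)3u)
static size_t nla_total(size_t payload) { return NLA_ALIGN(NLA_HDRLEN + payload); }

struct reply { size_t cap, len; };   /* stands in for the reply buffer */

/* Append one attribute; fail with -EMSGSIZE when the tailroom is short. */
static int put_attr(struct reply *r, size_t payload)
{
    size_t need = nla_total(payload);
    if (r->cap - r->len < need)
        return -EMSGSIZE;
    r->len += need;
    return 0;
}

/* Constructed payload sizes for attributes that are always present. */
static const size_t base_attrs[] = { 24, 32, 8 };
#define N_BASE (sizeof(base_attrs) / sizeof(base_attrs[0]))

/* Size calculation as the advisory describes it: XFRMA_IF_ID not counted. */
static size_t msgsize_unfixed(uint32_t if_id)
{
    size_t n = 0;
    (void)if_id;
    for (size_t i = 0; i < N_BASE; i++)
        n += nla_total(base_attrs[i]);
    return n;
}

/* Corrected calculation: reserve room for XFRMA_IF_ID when it will be sent. */
static size_t msgsize_fixed(uint32_t if_id)
{
    return msgsize_unfixed(if_id) + (if_id ? nla_total(sizeof(uint32_t)) : 0);
}

/* Builder: base attributes first, then XFRMA_IF_ID (assumed: only if set). */
static int build_reply(size_t (*msgsize)(uint32_t), uint32_t if_id)
{
    struct reply r = { .cap = msgsize(if_id), .len = 0 };
    for (size_t i = 0; i < N_BASE; i++)
        if (put_attr(&r, base_attrs[i]))
            return -EMSGSIZE;
    if (if_id && put_attr(&r, sizeof(uint32_t)))
        return -EMSGSIZE;   /* per the advisory, this error ends in a panic */
    return 0;
}
```

The failure appears only when if_id is set, which is why a size function and its builder should be checked against each other attribute by attribute.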
Affected Version(s)
Linux 7e6526404adedf079279aa7aa11722deaca8fe2e < 2c41283d94af943a05f7f2cc1a01f0c872f3cf43
Linux 7e6526404adedf079279aa7aa11722deaca8fe2e
Linux 7e6526404adedf079279aa7aa11722deaca8fe2e < 58e5735d1a5373652f405a0c16e54ac04aaab0ad