Vulnerability in Linux Kernel Networking Component Affects Multiple Releases
CVE-2026-43481
What is CVE-2026-43481?
A vulnerability has been identified in the Linux kernel's networking subsystem in the handling of Netlink messages. Specifically, in handlers that send reply messages, a resource management error allows the same socket buffer (skb) to be freed more than once under different error conditions. The extra free happens after a genlmsg_reply() call fails, which can lead to use-after-free scenarios. The fix ensures that errors from genlmsg_reply() are returned directly and that the buffer is freed only on the failure paths that occur before it is handed over, removing the erroneous memory management.
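The error-path shape the advisory describes is a general one: a reply function takes ownership of the skb, so a handler that jumps to its common cleanup label after that call frees the buffer a second time. The following userland model is an added example written for this page; it is not kernel code and not the fix referenced above. It assumes (as netlink_unicast() behaves in the kernel) that genlmsg_reply() consumes the skb on both success and failure, models kfree_skb() with a flag so a second free is counted instead of corrupting an allocator, and places the buggy handler beside the corrected one. All function names prefixed mock_ and the two handler functions are constructed for this illustration.

```c
/* Added example (not kernel code): models the double free on the
 * genlmsg_reply() error path described in CVE-2026-43481 and the corrected
 * ownership discipline. Assumption: genlmsg_reply() consumes the skb whether
 * it succeeds or fails, as netlink_unicast() does. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for struct sk_buff with a flag so a second free is
 * detected rather than corrupting a real allocator. */
struct mock_skb {
    int freed;
    char payload[64];
};

static int g_double_frees;   /* frees of an already-freed skb */
static int g_live_skbs;      /* allocations not yet freed (leak detector) */

static struct mock_skb *mock_alloc_skb(void) {
    struct mock_skb *skb = calloc(1, sizeof *skb);
    if (skb) g_live_skbs++;
    return skb;
}

/* kfree_skb() stand-in: records a double free instead of crashing. The mock
 * object is intentionally never passed to free() so the flag stays readable. */
static void mock_kfree_skb(struct mock_skb *skb) {
    if (!skb) return;
    if (skb->freed) { g_double_frees++; return; }
    skb->freed = 1;
    g_live_skbs--;
}

/* genlmsg_reply() stand-in: takes ownership of skb and frees it on both the
 * success and the failure path, then reports the outcome. */
static int mock_genlmsg_reply(struct mock_skb *skb, int fail) {
    mock_kfree_skb(skb);          /* consumed in every case */
    return fail ? -1 : 0;         /* negative errno-style result on failure */
}

static void reset_counters(void) { g_double_frees = 0; g_live_skbs = 0; }

/* Buggy shape: treats a failed reply as "the buffer is still mine" and jumps
 * to the shared cleanup label, freeing the skb a second time. */
int vulnerable_handler(int reply_fails) {
    int err;
    struct mock_skb *skb = mock_alloc_skb();
    if (!skb) return -1;
    strcpy(skb->payload, "reply");
    err = mock_genlmsg_reply(skb, reply_fails);
    if (err)
        goto out_free;            /* BUG: skb was already consumed above */
    return 0;
out_free:
    mock_kfree_skb(skb);          /* second free on the error path */
    return err;
}

/* Fixed shape: return genlmsg_reply()'s result directly; out_free is reached
 * only from failures that happen before ownership is handed over. */
int fixed_handler(int reply_fails, int build_fails) {
    int err;
    struct mock_skb *skb = mock_alloc_skb();
    if (!skb) return -1;
    if (build_fails) {            /* e.g. a message-building step failed */
        err = -2;
        goto out_free;            /* we still own skb here, so freeing is right */
    }
    strcpy(skb->payload, "reply");
    return mock_genlmsg_reply(skb, reply_fails);   /* ownership transferred */
out_free:
    mock_kfree_skb(skb);
    return err;
}

/* Run one handler under a scenario and report how many double frees occurred. */
int double_frees_after(int use_fixed, int reply_fails, int build_fails) {
    reset_counters();
    if (use_fixed) fixed_handler(reply_fails, build_fails);
    else vulnerable_handler(reply_fails);
    return g_double_frees;
}

/* Same scenario, reporting how many skbs were never freed (leak check). */
int leaked_after(int use_fixed, int reply_fails, int build_fails) {
    reset_counters();
    if (use_fixed) fixed_handler(reply_fails, build_fails);
    else vulnerable_handler(reply_fails);
    return g_live_skbs;
}

int main(void) {
    printf("vulnerable, reply fails: double frees = %d\n", double_frees_after(0, 1, 0));
    printf("fixed, reply fails:      double frees = %d\n", double_frees_after(1, 1, 0));
    printf("fixed, build fails:      leaked skbs  = %d\n", leaked_after(1, 0, 1));
    return 0;
}
```

The model makes the review question concrete: after any call that takes ownership of a buffer, the caller must not reach a cleanup path that frees it again, so the return value is propagated directly and the cleanup label serves only failures that precede the hand-over. The same discipline keeps the fixed handler free of leaks on its pre-reply failure path.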
Affected Version(s)
Affected ranges are given as git commit ranges (from the introducing commit, up to but not including the fixing commit):
Linux: from commit 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb, before commit 8738dcc844fff7d0157ee775230e95df3b1884d7
Linux: from commit 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb, before commit 83f7b54242d0abbfce35a55c01322f50962ed3ee
Linux: from commit 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb, before commit 57885276cc16a2e2b76282c808a4e84cbecb3aae