IPv6 Source Routing Header Vulnerability in Linux Kernel
CVE-2026-43501

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-43501?

A vulnerability exists in the Linux Kernel related to the IPv6 Source Routing Header (SRH), where improper validation during packet processing can lead to an out-of-bounds write. When decompressing an RFC 6554 SRH and swapping segments, the recompressed header may exceed the expected length, resulting in data corruption. This issue arises due to inadequate headroom management, which allows for overwriting memory beyond allocated boundaries. The vulnerability can be exploited through crafted IPv6 packets, potentially leading to system instability or execution of arbitrary code. A fix has been implemented to ensure sufficient headroom is maintained during the recompression process, thus preventing such security issues.

Affected Version(s)

Linux 8610c7c6e3bd647ff98d21c8bc0580e77bc2f8b3 < 8e8be63465a5e80394c70324603dfea1bfdad48f

Linux 8610c7c6e3bd647ff98d21c8bc0580e77bc2f8b3 < 4babc2d9fda2df43823b85d08a0180b68f1b0854

Linux 8610c7c6e3bd647ff98d21c8bc0580e77bc2f8b3

References

https://git.kernel.org/stable/c/8e8be63465a5e80394c703246...

https://git.kernel.org/stable/c/4babc2d9fda2df43823b85d08...

https://git.kernel.org/stable/c/c261d07a80576dc8ccf394ef8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43501 Data

JSON