Linux Kernel Shared Fragment Handler Vulnerability in Networking Stack
CVE-2026-43503

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 May 2026

What is CVE-2026-43503?

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversight can lead to a state where a socket buffer incorrectly indicates the absence of shared fragments, which can result in unprivileged users being able to write to read-only files through unauthorized access. Proper fixes require ensuring that shared fragment flags are maintained during fragment transfers, preventing potential security risk in networking applications that rely on correct fragment handling.

Affected Version(s)

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 179f1852bdedc300e373e807cc102cd81feff196

Linux cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 12401fcfb01f53ccc63ab0a3246570fe8f3105ee

References

https://git.kernel.org/stable/c/fbeab9555564a1b98e8582cd1...

https://git.kernel.org/stable/c/179f1852bdedc300e373e807c...

https://git.kernel.org/stable/c/12401fcfb01f53ccc63ab0a32...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43503 Data

JSON