Description

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.

INFO

Published Date :

2026-05-06T07:40:22.630Z

Last Modified :

2026-05-06T07:40:22.630Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-43089 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-43089.

URL Resource
https://git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02 cve-icon cve-icon
https://git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2 cve-icon cve-icon
https://git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10 cve-icon cve-icon
https://git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d cve-icon cve-icon
https://git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050617-CVE-2026-43089-877c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-43089 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-43089 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact