Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.24, < 5.10.253 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05Patch
- https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9cPatch
- https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648Patch
- https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4Patch
- https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6dPatch
- https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589fPatch
- https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21cPatch
- https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67Patch
FAQ
What is CVE-2026-43040?
CVE-2026-43040 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router ...
How severe is CVE-2026-43040?
CVE-2026-43040 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-43040?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.