Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structure before setting individual variables.
References
- https://git.kernel.org/stable/c/1beb76b2053b68c491b78370794b8ff63c8f8c02
- https://git.kernel.org/stable/c/5a1a4b049ddde41466ccac0daeec326254b133f2
- https://git.kernel.org/stable/c/700c9622b23c33b5933e6dcea816492c064e4e10
- https://git.kernel.org/stable/c/d3125c541a96fb3c0fc7210112684baf22b6c24d
- https://git.kernel.org/stable/c/f779a6b6cdb6e12baa0663063ac59ab2a8f20c0c
FAQ
What is CVE-2026-43089?
CVE-2026-43089 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up...
How severe is CVE-2026-43089?
CVSS scoring is not yet available for CVE-2026-43089. Check NVD for updates.
Is there a patch for CVE-2026-43089?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.