CVE-2026-43040
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 01, 2026
Vendor
unknown
Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.
References
- https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05
- https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c
- https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648
- https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4
- https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d