CVE-2026-43040

high

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak

When processing Router Advertisements with user options, the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data.

The fix is simple: just zero the padding fields.
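
The leak and its fix, modelled in userspace as an added example (not the kernel's code and not the patch itself). `struct nd_hdr` is a hand-written mirror of `nduseroptmsg` that assumes the three padding fields are named `nduseropt_pad1` to `nduseropt_pad3`; the 0xAA fill stands in for stale memory, and `build_hdr`, `nonzero_pads` and `simulate` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace mirror of struct nduseroptmsg (fixed-width types, 16 bytes). */
struct nd_hdr {
    uint8_t  nduseropt_family;
    uint8_t  nduseropt_pad1;
    uint16_t nduseropt_opts_len;
    int32_t  nduseropt_ifindex;
    uint8_t  nduseropt_icmp_type;
    uint8_t  nduseropt_icmp_code;
    uint16_t nduseropt_pad2;
    uint32_t nduseropt_pad3;
};

/* Fill the header in place; zero_pads selects the fixed behaviour. */
static void build_hdr(struct nd_hdr *h, int zero_pads) {
    h->nduseropt_family = 10;      /* AF_INET6 */
    h->nduseropt_opts_len = 8;     /* constructed sample values */
    h->nduseropt_ifindex = 2;
    h->nduseropt_icmp_type = 134;  /* Router Advertisement */
    h->nduseropt_icmp_code = 0;
    if (zero_pads) {
        h->nduseropt_pad1 = 0;
        h->nduseropt_pad2 = 0;
        h->nduseropt_pad3 = 0;
    }
}

/* Receiver-side check: how many padding fields arrived non-zero? */
static int nonzero_pads(const unsigned char *buf) {
    struct nd_hdr h;
    memcpy(&h, buf, sizeof(h));
    return (h.nduseropt_pad1 != 0) + (h.nduseropt_pad2 != 0) +
           (h.nduseropt_pad3 != 0);
}

/* Build into memory pre-filled with 0xAA, standing in for stale data. */
static int simulate(int zero_pads) {
    struct nd_hdr h;
    memset(&h, 0xAA, sizeof(h));
    build_hdr(&h, zero_pads);
    return nonzero_pads((const unsigned char *)&h);
}

int main(void) {
    printf("unfixed: %d  fixed: %d\n", simulate(0), simulate(1));
    return 0;
}
```

`nonzero_pads` can also be run over the `nduseroptmsg` header of a captured RTM_NEWNDUSEROPT message to confirm that a patched kernel emits zeroed padding.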

References

https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67

https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c

https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f

https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d

https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4

https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648

https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c

https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05

Details

Source: Mitre, NVD

Published: 2026-05-01

Updated: 2026-05-01

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00024