CVE-2026-43040
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
When processing Router Advertisements with user options the kernel
builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct
has three padding fields that are never zeroed and can leak kernel data
The fix is simple, just zeroes the padding fields.
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9chttps://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6dhttps://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589fhttps://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21chttps://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67