CVE-2026-43040
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
When processing Router Advertisements with user options the kernel
builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct
has three padding fields that are never zeroed and can leak kernel data
The fix is simple, just zeroes the padding fields.
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9chttps://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6dhttps://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589fhttps://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21chttps://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67