CVE-2026-43083

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the net: ioam6 component where an out-of-bounds access of the dev-> tx[] array can occur when is input is true. This happens because skb get tx queue() does not clamp the index, allowing skb->queue mapping to exceed dev->num tx queues if the ingress device has more RX queues than the egress device has TX queues. Additionally, there is a missing lock around the qdisc qstats qlen backlog() function. Since ioam6 fill trace data() is called from both softirq and process contexts, a spin lock bh() is required to ensure synchronization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.