PT-2026-37398 · Linux · Linux
Published: 2026-05-06 · Updated: 2026-05-06 · CVE-2026-43088
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:

net: af_key: zero aligned sockaddr tail in PF_KEY exports

PF_KEY export paths use pfkey_sockaddr_size() when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkey_sockaddr_fill() initializes only the first 28 bytes of struct sockaddr_in6, leaving the final 4 aligned bytes uninitialized.

Not every PF_KEY message is affected. The state and policy dump builders already zero the whole message buffer before filling the sockaddr payloads. Keep the fix to the export paths that still append aligned sockaddr payloads with plain skb_put():

- SADB_ACQUIRE
- SADB_X_NAT_T_NEW_MAPPING
- SADB_X_MIGRATE

Fix those paths by clearing only the aligned sockaddr tail after pfkey_sockaddr_fill().
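The 28-versus-32-byte mismatch described above, modelled in userspace C as an added example (not kernel code and not taken from the patch). The names wire_sockaddr_size, fill_in6 and export_payload, the 0xAA stale-memory pattern and port 500 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
#define ALIGN8(n) (((n) + 7u) & ~(size_t)7u)
#define STALE 0xAA /* constructed stand-in for leftover heap contents */

/* Space reserved on the wire: sockaddr length rounded up to 8 bytes. */
static size_t wire_sockaddr_size(void)
{
    return ALIGN8(sizeof(struct sockaddr_in6));
}

/* Writes only sizeof(struct sockaddr_in6) bytes, like the fill step. */
static size_t fill_in6(unsigned char *dst, const struct in6_addr *a, in_port_t port)
{
    struct sockaddr_in6 sin6;
    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    sin6.sin6_port = port;
    sin6.sin6_addr = *a;
    memcpy(dst, &sin6, sizeof(sin6));
    return sizeof(sin6);
}

/* Builds one exported payload; returns how many tail bytes are non-zero. */
static size_t export_payload(unsigned char *buf, size_t buflen, int zero_tail)
{
    struct in6_addr a;
    size_t wire = wire_sockaddr_size(), filled, leaked = 0;

    if (buflen < wire) return (size_t)-1;
    memset(&a, 0, sizeof(a)); a.s6_addr[15] = 1; /* ::1, constructed input */
    memset(buf, STALE, buflen);      /* models space that was never zeroed */
    filled = fill_in6(buf, &a, htons(500));
    if (zero_tail)                   /* the fix: clear only the aligned tail */
        memset(buf + filled, 0, wire - filled);
    for (size_t i = filled; i < wire; i++)
        leaked += (buf[i] != 0);
    return leaked;
}

int main(void)
{
    unsigned char buf[64];
    printf("unfixed: %zu stale tail bytes\n", export_payload(buf, sizeof(buf), 0));
    printf("fixed:   %zu stale tail bytes\n", export_payload(buf, sizeof(buf), 1));
    return 0;
}
```

Zeroing only the tail, rather than the whole buffer, mirrors the narrow scope the commit message chooses for the affected export paths.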
Affected Products
Linux