PT-2026-42452 · Linux · Linux Kernel

Published 2026-05-21 · Updated 2026-05-30 · CVE-2026-43495

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the t7xx_port_enum_msg_handler() function where the modem-supplied port_count field is used as a loop bound over port_msg->data[] without verifying that the message buffer contains sufficient data. A modem sending a port_count of 65535 in a 12-byte buffer can trigger a slab-out-of-bounds read of up to 262140 bytes. Additionally, in t7xx_parse_host_rt_data(), the rt_feature header read lacks a remaining-buffer check before accessing data_len, and feat_data_len is not validated against the actual remaining buffer, which can lead to out-of-bounds reads and signed integer overflow on the offset.

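The two bounds checks the description says are missing, sketched as an added user-space C example (not the kernel's code and not the upstream fix). The 12-byte header and 4-byte entry size follow from the advisory's figures; the position of the count, the 8-byte feature header and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical, inferred from the advisory's figures):
 * 12-byte header, then 4-byte port entries (65535 * 4 = 262140 bytes).
 * The count's position (low 16 bits of the second word) is an assumption. */
#define HDR_LEN      12u
#define ENTRY_LEN    4u
#define FEAT_HDR_LEN 8u   /* assumed: 4 bytes of ids/flags, then 32-bit data_len */

static uint32_t rd32(const uint8_t *p)   /* little-endian load */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the entry count that is safe to loop over, or -1 when the
 * device-supplied count claims more entries than the buffer holds. */
int port_enum_validate(const uint8_t *buf, size_t len)
{
    if (len < HDR_LEN)
        return -1;
    uint32_t count = rd32(buf + 4) & 0xffff;
    if (count > (len - HDR_LEN) / ENTRY_LEN)
        return -1;
    return (int)count;
}

/* Walks `expected` feature records; returns bytes consumed or -1. */
long feature_walk(const uint8_t *buf, size_t len, unsigned expected)
{
    size_t off = 0;                          /* unsigned offset, always <= len */
    for (unsigned i = 0; i < expected; i++) {
        if (len - off < FEAT_HDR_LEN)        /* header must fit before data_len is read */
            return -1;
        uint32_t data_len = rd32(buf + off + 4);
        if (data_len > len - off - FEAT_HDR_LEN)  /* compare with remainder, never add first */
            return -1;
        off += FEAT_HDR_LEN + data_len;
    }
    return (long)off;
}

int main(void)
{
    /* Constructed sample: 12-byte message claiming 65535 ports, no entries. */
    uint8_t msg[12] = { 0, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0, 0 };
    printf("port_enum_validate -> %d\n", port_enum_validate(msg, sizeof msg));
    return 0;
}
```

Comparing the device-supplied length against the remaining bytes, rather than adding it to the offset and checking afterwards, is what keeps the offset from wrapping.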
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-43495
ECHO-80BC-857B-65B0
OPENSUSE-SU-2026:10859-1

Affected Products

Linux Kernel