CVE-2026-43501

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the ipv6 rpl srh rcv() function during the decompression and recompression of RFC 6554 Source Routing Headers. When the recompressed header is larger than the received one, the process may consume unchecked headroom. If skb push() leaves fewer than skb->mac len bytes in front of the data, the skb set mac header() function called by skb mac header rebuild() can cause an integer wrap in the mac header field. This leads to a memory write operation that occurs approximately 64KiB past the skb->head buffer, resulting in an out-of-bounds write.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.