Skip to main content

Linux Kernel CVE-2026-43093

| EUVDEUVD-2026-27597 HIGH
2026-05-06 Linux GHSA-m2xh-q35x-h5f5
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:26 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame

The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted.

HW typically works with 128-aligned sizes so let us provide this value as bare minimum.

Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.

AnalysisAI

Insufficient memory validation in Linux kernel's XSK (AF_XDP socket) UMEM registration allows local authenticated users to corrupt kernel memory structures, potentially leading to privilege escalation or system crashes. The xdp_umem_reg() function fails to validate adequate headroom space for minimum-sized Ethernet frames and skb_shared_info structures in multi-buffer scenarios, enabling memory corruption when XSK frames are processed. Vendor patches are available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% indicates very low probability of mass exploitation, with no active exploitation or public POC identified.

Technical ContextAI

AF_XDP (XSK) is a high-performance packet processing framework in the Linux kernel that uses UMEM (user memory) regions for zero-copy packet I/O. The vulnerability exists in the xdp_umem_reg() validation logic within the XSK subsystem, introduced in Linux 5.7. When registering UMEM regions, the kernel must reserve sufficient headroom (front padding) and tailroom (rear padding) for each frame to accommodate network data and kernel metadata. Hardware network adapters typically operate on 128-byte aligned buffers. The flawed validation allows UMEM registration with insufficient headroom, failing to account for: (1) minimum Ethernet frame size requirements, (2) skb_shared_info structure stored at frame end for multi-buffer support, and (3) the 128-byte alignment requirement. This validation gap means the kernel accepts memory layouts where received packets or skb_shared_info would overflow allocated boundaries, corrupting adjacent kernel memory structures. The fix enforces stricter validation accounting for 128-byte minimum alignment plus tailroom space upfront, before multi-buffer configuration is applied. Affected CPE strings indicate all Linux kernel versions from 5.7 through specific commits prior to the patches.

RemediationAI

Upgrade to patched Linux kernel versions: 7.0 or later for mainline, 6.19.14+ for 6.19.x series, 6.18.24+ for 6.18.x series, 6.12.83+ for 6.12.x LTS, or 6.6.136+ for 6.6.x LTS. Vendor patches available from kernel.org stable repository at the git commit links provided in references. For systems unable to immediately patch, implement the following compensating controls with awareness of trade-offs: (1) Restrict access to AF_XDP socket creation by limiting CAP_NET_RAW and CAP_BPF capabilities to trusted administrative users only (blocks legitimate high-performance networking applications requiring unprivileged AF_XDP access). (2) Disable XDP functionality entirely via kernel boot parameter 'xdp.mode=0' if AF_XDP/XDP features are not required for operational workloads (eliminates zero-copy packet processing capabilities, impacts performance-sensitive network applications). (3) In containerized environments, prevent loading of XDP/eBPF programs through AppArmor, SELinux, or seccomp policies blocking bpf() syscall for untrusted containers (may break legitimate observability tools using eBPF). (4) Monitor for unusual UMEM registration attempts via audit rules tracking XDP socket creation (auditctl -a always,exit -F arch=b64 -S socket -F a0=44). No known workaround fully mitigates without functional impact - patching is strongly recommended for systems exposing AF_XDP to unprivileged users.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43093 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy