Skip to main content

Linux Kernel CVE-2026-43184

| EUVDEUVD-2026-27744 HIGH
2026-05-06 Linux GHSA-x85v-hg8f-rh5p
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:34 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.5 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

rnbd-srv: Zero the rsp buffer before using it

Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchanged between different protocol versions.

AnalysisAI

Information disclosure in Linux kernel's RNBD (RDMA Network Block Device) server component allows remote unauthenticated attackers to read uninitialized kernel memory through response buffers. The rnbd-srv module fails to zero response message buffers before transmission, leaking residual kernel data to network clients, particularly during protocol version mismatches. With CVSS 7.5 (High) and confirmed vendor patches across multiple stable branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0), this represents a classic uninitialized memory vulnerability. EPSS exploitation probability is low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the network attack vector and lack of authentication requirements warrant prioritization for systems running RNBD server functionality.

Technical ContextAI

RNBD (RDMA Network Block Device) is a Linux kernel driver providing network block device functionality over RDMA transports, used in high-performance storage clustering. The vulnerability exists in the server component (rnbd-srv) where response message buffers allocated for network transmission are not properly initialized. When the kernel prepares response packets, unzeroed stack or heap memory regions can contain remnants of previous operations - potentially including sensitive kernel data structures, memory addresses useful for KASLR bypass, or data from other processes. This becomes exploitable when protocol version mismatches cause message structure misalignment, allowing clients to receive buffer sections that should contain padding or structured data but instead contain raw kernel memory. The issue represents a classic information disclosure class where memory safety practices (defensive zeroing) were omitted, though no specific CWE mapping is provided in NVD data. CPE strings confirm broad Linux kernel exposure across versions from initial commit 1da177e4c3f4 (Linux 2.6.12-rc2, 2005) through current mainline.

RemediationAI

Upgrade Linux kernel to patched versions: 5.10.252 or later for 5.10.x series, 5.15.202 or later for 5.15.x series, 6.1.165 or later for 6.1.x series, 6.6.128 or later for 6.6.x series, 6.12.75 or later for 6.12.x series, 6.18.16 or later for 6.18.x series, 6.19.6 or later for 6.19.x series, or 7.0 for mainline. Patch references are available at kernel.org stable tree commits listed in NVD references. If immediate kernel upgrade is not feasible, consider compensating controls: disable RNBD server module via 'rmmod rnbd_server' if RDMA block device functionality is not required (trade-off: loss of remote block device access for dependent applications); restrict network access to RNBD service ports using iptables/nftables rules allowing only trusted storage network segments (trade-off: reduces attack surface but does not eliminate vulnerability for authorized clients); implement network segmentation isolating RDMA storage traffic from untrusted networks (trade-off: architectural change requiring network reconfiguration). Note that disabling the module is the only true mitigation that eliminates the vulnerability; network controls only reduce exposure. Verify module status with 'lsmod | grep rnbd_server' and service dependencies before disabling. For production storage clusters, schedule maintenance windows for kernel updates as live kernel patching (kpatch/livepatch) may not cover this driver component.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43184 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy