Skip to main content

Linux Kernel EUVDEUVD-2026-26627

| CVE-2026-43028 HIGH
2026-05-01 Linux
7.1
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:35 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.1 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26627
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 7.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: ensure names are nul-terminated

Reject names that lack a \0 character before feeding them to functions that expect c-strings.

Fixes tag is the most recent commit that needs this change.

AnalysisAI

Local privilege escalation and information disclosure in Linux kernel netfilter x_tables subsystem allows authenticated local users to leak memory contents or crash the system due to improper null-termination validation of string names passed to c-string functions. CVSS 7.1 (High/Confidentiality, High/Availability impact) but low real-world priority: EPSS 0.02% (7th percentile) indicates minimal observed exploitation likelihood. Patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). No active exploitation confirmed, no POC identified, requires local authenticated access with low privileges.

Technical ContextAI

This vulnerability affects the netfilter x_tables framework in the Linux kernel, specifically the iptables/ip6tables/arptables/ebtables subsystem used for packet filtering and NAT. The x_tables architecture allows user-space tools to configure firewall rules by passing data structures to the kernel, including string names for tables, chains, and match/target extensions. The flaw exists in input validation routines that fail to verify null-termination before passing these names to standard c-string functions like strcmp() or strcpy(). When an attacker-controlled name lacks a terminating null byte, these functions read beyond intended buffer boundaries, potentially exposing adjacent kernel memory or causing out-of-bounds access leading to denial of service. The vulnerability traces back to commit c38c4597e4bf from kernel 4.5 era, affecting the core name-handling logic that persisted through multiple kernel versions. CPE data confirms broad impact across the Linux kernel product line from version 4.5 onward until respective stable branch patches.

RemediationAI

Upgrade to patched Linux kernel versions: 5.10.253 or later for 5.10.x series, 5.15.203+ for 5.15.x, 6.1.168+ for 6.1.x, 6.6.134+ for 6.6.x, 6.12.81+ for 6.12.x, 6.18.22+ for 6.18.x, 6.19.12+ for 6.19.x, or 7.0+ for mainline. Distribution-specific updates available through standard package managers (apt, yum, dnf, zypper). Upstream fix commits available at https://git.kernel.org/stable/c/bcac50ea0a29d430eedc5ac87b215393b567baa9 and related URLs for manual backporting if necessary. Workarounds for environments unable to immediately patch: restrict CAP_NET_ADMIN capability in containerized deployments by removing from container security contexts and using managed network policies instead (trade-off: breaks applications requiring in-container firewall configuration). On multi-tenant systems, enforce strict user namespace isolation and audit netfilter rule modification attempts via auditd monitoring iptables/ip6tables syscalls (increases log volume, requires SIEM integration). These compensating controls reduce but do not eliminate risk, as kernel vulnerabilities may be exploitable through alternative code paths. Standard kernel update procedures apply including testing in non-production, verifying driver compatibility, and planning for reboot windows.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy