CVE-2026-43035
Awaiting Analysis Awaiting Analysis - Queue
Heap Memory Leak in Linux Kernel Networking Subsystem

Publication date: 2026-05-01

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43035
EUVD
EUVD-2026-26634
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 4.19 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability causes a kernel heap memory leak to userspace through an uninitialized 4-byte field in netlink messages. Such an information leak could potentially expose sensitive data residing in kernel memory.

Information leaks can impact compliance with data protection regulations like GDPR and HIPAA, which require protection of personal and sensitive data from unauthorized disclosure.

However, the provided information does not specify the exact nature of the leaked data or whether it includes personal or protected health information.

Therefore, while this vulnerability could pose a risk to compliance by enabling unauthorized data exposure, the exact impact on compliance with standards like GDPR or HIPAA cannot be determined from the given information.

Executive Summary

This vulnerability exists in the Linux kernel's networking code, specifically in the function tc_chain_fill_node which builds netlink messages. The function fails to initialize the tcm_info field of the tcmsg structure to zero. Because the memory allocated for this field is not cleared, it can leak leftover kernel heap memory to userspace through this 4-byte field.

The issue is fixed by zeroing the tcm_info field along with other fields during initialization, preventing the unintended information leak.

Impact Analysis

This vulnerability can lead to an information leak where sensitive kernel memory contents might be exposed to userspace applications. Such leaks can potentially reveal sensitive data or kernel memory layout information, which attackers could use to further compromise the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43035. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart