CVE-2026-43036
Linux Kernel TCPv4 GSO frag_off Uninit-Value Warning
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's network code related to TCPv4 Generic Segmentation Offload (GSO). The issue arises because the function gso_features_check() reads the IPv4 header's frag_off field directly using ip_hdr() or inner_ip_hdr(), which can be unsafe for packets injected from PF_PACKET paths. This direct access can lead to uninitialized memory reads. The fix involves using skb_header_pointer() to safely access the TCPv4 frag_off field, ensuring the header read is robust whether the data is linear or requires copying.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to read uninitialized memory when processing certain network packets. This may lead to unpredictable behavior, potential kernel crashes, or information leakage from kernel memory, which could be exploited by an attacker to compromise system stability or security.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved in the Linux kernel by using skb_header_pointer() for the TCPv4 frag_off check to ensure safe header access. Therefore, the immediate mitigation step is to update your Linux kernel to a version that includes this fix.
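The difference between a direct header read and the checked read described in the answers above can be seen in a small userspace model. This is an added example, not kernel code and not the actual patch: `struct pkt`, `pkt_header_pointer()`, `read_frag_off()` and `frag_off_with_split()` are hypothetical names that mimic the contract of `skb_header_pointer()` (return a pointer when the bytes are linear, copy into a caller buffer when they are not, return NULL when the packet is too short), and the sample header is constructed.

```c
#include <stdint.h>
#include <stddef.h>

/* Userspace model of a packet buffer (hypothetical type): 'head' is the
 * linear area, 'frag' stands in for paged data of a real sk_buff. */
struct pkt { const uint8_t *head; size_t headlen;
             const uint8_t *frag; size_t fraglen; };

/* Models the contract of skb_header_pointer(): pointer to 'len' bytes at
 * 'off', gathered into 'buf' if not all linear, NULL if packet too short. */
static const void *pkt_header_pointer(const struct pkt *p, size_t off,
                                      size_t len, void *buf)
{
    if (off + len <= p->headlen)
        return p->head + off;                 /* linear: no copy needed */
    if (off + len > p->headlen + p->fraglen)
        return NULL;                          /* bytes are not in the packet */
    uint8_t *out = buf;
    for (size_t i = 0; i < len; i++) {        /* gather across the boundary */
        size_t pos = off + i;
        out[i] = pos < p->headlen ? p->head[pos] : p->frag[pos - p->headlen];
    }
    return buf;
}

/* Checked read of IPv4 frag_off (bytes 6..7 of the header at 'nhoff').
 * A direct p->head[nhoff + 6] read would ignore headlen entirely. */
int read_frag_off(const struct pkt *p, size_t nhoff, uint16_t *out)
{
    uint8_t scratch[2];
    const uint8_t *f = pkt_header_pointer(p, nhoff + 6, sizeof(scratch), scratch);
    if (!f)
        return -1;                            /* caller must not trust *out */
    *out = (uint16_t)((f[0] << 8) | f[1]);
    return 0;
}

/* Constructed IPv4 header with DF set (frag_off = 0x4000); not real traffic. */
static const uint8_t SAMPLE_IP[20] = { 0x45, 0, 0, 0x28, 0, 1, 0x40, 0,
                                       0x40, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2 };

/* frag_off when only 'headlen' of 'total' bytes are linear; -1 if truncated. */
int frag_off_with_split(size_t headlen, size_t total)
{
    struct pkt p = { SAMPLE_IP, headlen, SAMPLE_IP + headlen, total - headlen };
    uint16_t v;
    return read_frag_off(&p, 0, &v) == 0 ? (int)v : -1;
}
```

The same value comes back whether the two frag_off bytes are fully linear, fully in the fragment, or straddle the boundary, and a truncated packet yields an explicit failure instead of a read of whatever lies past the linear data.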