CVE-2026-43040
Analyzed Analyzed - Analysis Complete
IPv6 Router Advertisement Info-Leak in Linux Kernel

Publication date: 2026-05-01

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43040
EUVD
EUVD-2026-26639
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 2.6.24 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-909 The product does not initialize a critical resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's IPv6 Neighbor Discovery (ndisc) component. Specifically, when processing Router Advertisements that include user options, the kernel constructs a netlink message (RTM_NEWNDUSEROPT) using a structure called nduseroptmsg. This structure contains three padding fields that were not initialized to zero, which could lead to leakage of kernel memory data.

The vulnerability is fixed by ensuring these padding fields are zeroed out before use, preventing any unintended information disclosure.

Impact Analysis

This vulnerability can lead to an information leak where sensitive kernel memory data might be exposed through uninitialized padding fields in netlink messages. An attacker could potentially use this leaked information to gain insights into the kernel's memory layout or other sensitive data, which might aid in further attacks or exploitation.

Mitigation Strategies

The vulnerability is fixed by zeroing the padding fields in the nduseroptmsg struct when processing Router Advertisements with user options.

To mitigate this vulnerability immediately, update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43040. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart