CVE-2026-43090
Memory Leak in Linux Kernel xfrm Policy Handling
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's xfrm (IPsec) subsystem, specifically related to the function xfrm_migrate_policy_find.
The issue arises because the function xfrm_migrate_policy_find calls xfrm_pol_hold_rcu() twice unnecessarily. The lookup function already returns a policy with a held reference, so the second call causes a reference count imbalance.
This redundant call leads to a memory leak as the reference count is not properly managed, causing allocated memory to remain unreferenced and not freed.
The fix involves removing the redundant call to xfrm_pol_hold_rcu() to correct the reference count and prevent the leak.
How can this vulnerability impact me? :
This vulnerability can cause a memory leak in the Linux kernel's IPsec policy management.
Over time, the leak could lead to increased memory usage, potentially degrading system performance or causing resource exhaustion.
In environments where IPsec policies are frequently created or migrated, this could lead to instability or crashes if memory is exhausted.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by removing the redundant call to xfrm_pol_hold_rcu() in the xfrm_migrate_policy_find() function in the Linux kernel.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.