CVE-2026-43092
AF_XDP MTU Validation Failure in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's AF_XDP bind functionality, where it accepts zero-copy pool configurations without properly verifying that the device MTU (Maximum Transmission Unit) fits within the usable frame space provided by the UMEM chunk.
The issue arises because the kernel started to respect tailroom, which is subtracted from the chunk size along with headroom. As a result, a 2k chunk size might not provide enough space for a standard 1500 MTU, and without validation this can lead to misconfigurations.
The fix involves validating these settings at bind time and ensuring that the underlying hardware can support the configured MTU in relation to XSK's frame size multiplied by the supported Rx buffer chain length.
How can this vulnerability impact me?
If the device MTU is not properly validated against the usable frame size, it can lead to misconfigurations that may cause network packet processing errors or failures in zero-copy operations.
This could result in degraded network performance, dropped packets, or unexpected behavior in applications relying on AF_XDP zero-copy features.