CVE-2026-43093
Analyzed Analyzed - Analysis Complete
Buffer Overflow in Linux Kernel XDP Socket Implementation

Publication date: 2026-05-06

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted. HW typically works with 128-aligned sizes so let us provide this value as bare minimum. Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43093
EUVD
EUVD-2026-27597
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel 5.7
linux linux_kernel From 5.6.7 (inc) to 5.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.24 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.14 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.83 (exc)
linux linux_kernel From 4.19.118 (inc) to 4.20 (exc)
linux linux_kernel From 5.4.35 (inc) to 5.5 (exc)
linux linux_kernel From 5.7.1 (inc) to 6.6.136 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's xsk (AF_XDP) subsystem, specifically in the headroom validation logic of the xdp_umem_reg() function.

The issue is that the current validation for headroom space does not properly account for the tailroom and the minimum size of an Ethernet frame. This can result in insufficient space being allocated to receive even the smallest Ethernet frames.

Additionally, if multi-buffering is used, the skb_shared_info structure stored at the end of the XSK frame could become corrupted due to this improper validation.

The fix involves tightening the validation to ensure at least 128 bytes of headroom (which aligns with typical hardware requirements) and also accounting for tailroom space upfront, even though multi-buffer settings are known later in the configuration process.

Impact Analysis

This vulnerability can lead to corrupted data structures within the kernel's networking stack, specifically the skb_shared_info structure when multi-buffering is used.

Such corruption could cause unpredictable behavior in packet processing, potentially leading to network packet loss, data corruption, or kernel crashes.

Because it affects the handling of Ethernet frames at a low level, it could impact the reliability and stability of network communications on affected Linux systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart