CVE-2026-43184
Analyzed
Analyzed - Analysis Complete
Zeroed Response Buffer in Linux Kernel rnbd-srv
Vulnerability report for CVE-2026-43184, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-06
Last updated on: 2026-05-11
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
rnbd-srv: Zero the rsp buffer before using it
Before using the data buffer to send back the response message, zero it
completely. This prevents any stray bytes to be picked up by the client
side when there the message is exchanged between different protocol
versions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.2 (inc) to 6.6.128 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.75 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.16 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.6 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.202 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.165 (exc) |
| linux | linux_kernel | From 5.8 (inc) to 5.10.252 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |