CVE-2026-43184
Zeroed Response Buffer in Linux Kernel rnbd-srv
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rnbd-srv | rnbd-srv | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel component called rnbd-srv. It involves the rsp buffer, which is used to send back response messages. Before this fix, the rsp buffer was not completely cleared (zeroed) before use, which could cause leftover data (stray bytes) from previous messages to be included in the response. This could happen especially when messages are exchanged between different protocol versions.
The fix involves zeroing the rsp buffer completely before using it to ensure no unintended data is sent back to the client.
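The bug class described above, as an added user-space illustration in C (not the kernel's rnbd-srv code and not from the original page). The struct layout, field names and the 0xAA filler are constructed assumptions; the model is an older code path that writes only the fields it knows into a reused response buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout (NOT the real rnbd message format). */
struct demo_rsp {
    uint16_t type;
    uint16_t version;
    uint32_t v2_flags;     /* assumed: field added by a newer version */
    uint8_t  reserved[8];  /* assumed: never written by the older path */
};

/* One response slot reused across messages, as a transport buffer would be. */
static struct demo_rsp rsp_slot;

/* Constructed stand-in for data left behind by an earlier message. */
static void previous_message(void)
{
    memset(&rsp_slot, 0xAA, sizeof(rsp_slot));
}

/* Older-version fill path: sets only the fields it knows about. */
static void fill_rsp(int zero_first)
{
    if (zero_first)
        memset(&rsp_slot, 0, sizeof(rsp_slot)); /* zero the whole buffer first */
    rsp_slot.type = 1;
    rsp_slot.version = 1;
}

/* Count bytes after the written fields that still carry old data. */
static size_t stale_bytes(void)
{
    const uint8_t *p = (const uint8_t *)&rsp_slot;
    size_t n = 0;
    for (size_t i = offsetof(struct demo_rsp, v2_flags); i < sizeof(rsp_slot); i++)
        n += (p[i] != 0);
    return n;
}

size_t leak_without_zeroing(void) { previous_message(); fill_rsp(0); return stale_bytes(); }
size_t leak_with_zeroing(void)    { previous_message(); fill_rsp(1); return stale_bytes(); }

int main(void)
{
    printf("stale bytes sent, no memset: %zu\n", leak_without_zeroing());
    printf("stale bytes sent, memset:    %zu\n", leak_with_zeroing());
    return 0;
}
```

Zeroing the whole buffer rather than individual fields also covers padding and any field a later protocol version adds.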
How can this vulnerability impact me?
If exploited, this vulnerability could cause unintended data from previous communications to be leaked to clients. This could potentially expose sensitive or confidential information that was stored in the buffer from earlier messages.
Such data leakage might lead to privacy concerns or information disclosure, depending on what data is inadvertently sent.