CVE-2026-43190
Buffer Overflow in Linux Kernel Netfilter TCPMSS Module
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux_kernel | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter component, specifically in the xt_tcpmss module. The issue arises because the TCP option parser reads a byte from the option field without properly checking if there is enough remaining length to safely do so.
If the last byte of the TCP option field is not an End Of List (EOL) or No Operation (NOP) byte (values 0 or 1), the code attempts to read the next byte (op[i+1]). When the index i+1 equals the total option length (optlen), this results in an out-of-bounds read, accessing memory beyond the intended buffer boundary.
This out-of-bounds read can cause the kernel to read memory past the stack buffer or the following payload, which is unintended behavior and can lead to potential security issues.
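The option walk described above, modelled in user-space C as an added example; it is not the kernel's xt_tcpmss source or its fix. The function names, the sample bytes and the zero-length handling are assumptions of this model, and the unchecked walk reports the index it would read instead of dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_NOP  1   /* kinds 0 (EOL) and 1 (NOP) are single bytes */
#define TCPOPT_MSS  2
#define TCPOLEN_MSS 4
/* Constructed samples; the byte past optlen = 4 stands in for adjacent memory. */
static const uint8_t opt_trailing_kind[5] = {1, 1, 1, 2, 0xAA};
static const uint8_t opt_valid_mss[5]     = {2, 4, 0x05, 0xB4, 0xAA};

/* Model of the flawed walk: returns the first index >= optlen whose length
 * byte it would read (op[i+1] with no bounds check), or -1 if there is none. */
long oob_index_unchecked(const uint8_t *op, size_t optlen)
{
    size_t i = 0;
    while (i < optlen) {
        if (op[i] <= TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= optlen)
            return (long)(i + 1);           /* op[optlen], one past the options */
        i += op[i + 1] ? op[i + 1] : 1;     /* assumed: zero length advances by 1 */
    }
    return -1;
}

/* Bounds-checked walk: MSS value, or -1 if absent or the options are malformed. */
long find_mss_checked(const uint8_t *op, size_t optlen)
{
    size_t i = 0;
    while (i < optlen) {
        if (op[i] <= TCPOPT_NOP) { i++; continue; }
        if (optlen - i < 2)
            return -1;                      /* kind byte is last: no length byte */
        uint8_t len = op[i + 1];
        if (len < 2 || len > optlen - i)
            return -1;                      /* too short, or runs past optlen */
        if (op[i] == TCPOPT_MSS && len == TCPOLEN_MSS)
            return ((long)op[i + 2] << 8) | op[i + 3];
        i += len;
    }
    return -1;
}

int main(void)
{
    printf("unchecked walk reads index %ld; checked MSS %ld\n",
           oob_index_unchecked(opt_trailing_kind, 4), find_mss_checked(opt_valid_mss, 4));
    return 0;
}
```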
How can this vulnerability impact me?
This vulnerability can lead to an out-of-bounds memory read in the Linux kernel, which may cause information disclosure or system instability.
By reading memory beyond the intended buffer, an attacker might be able to access sensitive data or cause unexpected behavior in the kernel, potentially leading to crashes or denial of service.