CVE-2026-43083

EUVD-2026-27576
In the Linux kernel, the following vulnerability has been resolved:

net: ioam6: fix OOB and missing lock

When trace->type.bit6 is set:

    if (trace->type.bit6) {
        ...
        queue = skb_get_tx_queue(dev, skb);
        qdisc = rcu_dereference(queue->qdisc);

This code can lead to an out-of-bounds access of the dev->_tx[] array
when is_input is true. In such a case, the packet is on the RX path and
skb->queue_mapping contains the RX queue index of the ingress device. If
the ingress device has more RX queues than the egress device (dev) has
TX queues, skb_get_queue_mapping(skb) will exceed dev->num_tx_queues.
Add a check to avoid this situation since skb_get_tx_queue() does not
clamp the index. This issue has also revealed that per queue visibility
cannot be accurate and will be replaced later as a new feature.

While at it, add missing lock around qdisc_qstats_qlen_backlog(). The
function __ioam6_fill_trace_data() is called from both softirq and
process contexts, hence the use of spin_lock_bh() here.
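
The indexing problem described above, as an added user-space model (not kernel code and not the upstream patch): a packet's RX queue index is used to look up a TX queue on an egress device that has fewer queues. The `model_*` types, the function names and the `QDEPTH_UNAVAILABLE` fallback value are assumptions for illustration; the page does not state what the fix reports when the index is out of range.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sentinel meaning "queue depth not available" (assumption). */
#define QDEPTH_UNAVAILABLE 0xffffffffu

struct model_txq { uint32_t backlog; };          /* stands in for a TX queue's qdisc stats */
struct model_dev {
    unsigned int num_tx_queues;                  /* like dev->num_tx_queues */
    const struct model_txq *tx;                  /* like dev->_tx[] */
};
struct model_skb { uint16_t queue_mapping; };    /* like skb->queue_mapping */

/* "Before": indexes the TX array with whatever mapping the packet carries.
 * On the RX path that value is the ingress device's RX queue index. */
uint32_t queue_depth_unchecked(const struct model_dev *dev, const struct model_skb *skb)
{
    return dev->tx[skb->queue_mapping].backlog;  /* out of bounds if mapping >= num_tx_queues */
}

/* "After": validate the mapping against the egress device before indexing. */
uint32_t queue_depth_checked(const struct model_dev *dev, const struct model_skb *skb)
{
    if (skb->queue_mapping >= dev->num_tx_queues)
        return QDEPTH_UNAVAILABLE;
    return dev->tx[skb->queue_mapping].backlog;
}

/* Constructed scenario: egress device with 2 TX queues, packet arriving
 * from an ingress device that has more RX queues. */
uint32_t depth_for_rx_queue(uint16_t rx_queue)
{
    static const struct model_txq egress_tx[2] = { { 1500 }, { 300 } };
    const struct model_dev egress = { 2, egress_tx };
    const struct model_skb skb = { rx_queue };
    return queue_depth_checked(&egress, &skb);
}

int main(void)
{
    for (unsigned int q = 0; q < 8; q++)         /* ingress has 8 RX queues */
        printf("rx queue %u -> depth 0x%x\n", q, (unsigned int)depth_for_rx_queue((uint16_t)q));
    return 0;
}
```
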

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.1 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |

EPSS Score percentile: 35%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.17 ≤ x < 6.18.24 |
| linux | linux_kernel | 6.19 ≤ x < 6.19.14 |
| linux | linux_kernel | 7.0:rc1 |
| linux | linux_kernel | 7.0:rc2 |
| linux | linux_kernel | 7.0:rc3 |
| linux | linux_kernel | 7.0:rc4 |
| linux | linux_kernel | 7.0:rc5 |
| linux | linux_kernel | 7.0:rc6 |
| linux | linux_kernel | 7.0:rc7 |

x = Vulnerable software versions

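Debian Releases

| Product | Codename | Version | Status |
|---|---|---|---|
| linux | bookworm | | vulnerable |
| linux | bookworm (security) | | vulnerable |
| linux | bullseye | 5.10.223-1 | fixed |
| linux | bullseye (security) | 5.10.257-1 | fixed |
| linux | forky | 7.0.12-2 | fixed |
| linux | sid | 7.0.13-1 | fixed |
| linux | trixie | | vulnerable |
| linux | trixie (security) | | vulnerable |
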
Amazon Linux Releases

| Package | Release | Version | Status |
|---|---|---|---|
| bpftool | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| bpftool-debuginfo | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| bpftool6.12 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| bpftool6.12-debuginfo | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| bpftool6.18 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| bpftool6.18-debuginfo | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-debuginfo | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-debuginfo-common-aarch64 | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-debuginfo-common-x86_64 | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-devel | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-headers | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-livepatch-6.1.175-219.357 | Amazon Linux 2023 | 1:1.0-0.amzn2023 | fixed |
| kernel-livepatch-6.12.92-122.166 | Amazon Linux 2023 | 1:1.0-0.amzn2023 | fixed |
| kernel-livepatch-6.18.25-55.108 | Amazon Linux 2023 | 1:1.0-0.amzn2023 | fixed |
| kernel-modules-extra | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-modules-extra-common | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-tools | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-tools-debuginfo | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel-tools-devel | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| kernel6.12 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-debuginfo | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-debuginfo-common-aarch64 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-debuginfo-common-x86_64 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-devel | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-headers | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-modules-extra | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-modules-extra-common | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-tools | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-tools-debuginfo | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.12-tools-devel | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| kernel6.18 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-debuginfo | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-debuginfo-common-aarch64 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-debuginfo-common-x86_64 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-devel | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-headers | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-modules-extra | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-modules-extra-common | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-tools | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-tools-debuginfo | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| kernel6.18-tools-devel | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| perf | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| perf-debuginfo | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| perf6.12 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| perf6.12-debuginfo | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| perf6.18 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| perf6.18-debuginfo | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| python3-perf | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| python3-perf-debuginfo | Amazon Linux 2023 | 1:6.1.175-219.357.amzn2023 | fixed |
| python3-perf6.12 | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| python3-perf6.12-debuginfo | Amazon Linux 2023 | 1:6.12.92-122.166.amzn2023 | fixed |
| python3-perf6.18 | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |
| python3-perf6.18-debuginfo | Amazon Linux 2023 | 1:6.18.25-55.108.amzn2023 | fixed |