CVE-2026-43088

EUVD-2026-27586
In the Linux kernel, the following vulnerability has been resolved:

net: af_key: zero aligned sockaddr tail in PF_KEY exports

PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr
payload space, so IPv6 addresses occupy 32 bytes on the wire. However,
`pfkey_sockaddr_fill()` initializes only the first 28 bytes of
`struct sockaddr_in6`, leaving the final 4 aligned bytes uninitialized.

Not every PF_KEY message is affected. The state and policy dump builders
already zero the whole message buffer before filling the sockaddr
payloads. Keep the fix to the export paths that still append aligned
sockaddr payloads with plain `skb_put()`:

  - `SADB_ACQUIRE`
  - `SADB_X_NAT_T_NEW_MAPPING`
  - `SADB_X_MIGRATE`

Fix those paths by clearing only the aligned sockaddr tail after
`pfkey_sockaddr_fill()`.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
2.6.12.1 ≤
𝑥
< 6.12.88
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.30
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.14
linuxlinux_kernel
2.6.12
linuxlinux_kernel
2.6.12:rc2
linuxlinux_kernel
2.6.12:rc3
linuxlinux_kernel
2.6.12:rc4
linuxlinux_kernel
2.6.12:rc5
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
vulnerable
trixie (security)
6.12.94-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.12
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
bpftool6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel-livepatch-6.12.90-120.164
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.18.30-61.116
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.90-120.164.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/11cbf294bac623bd57296f231199193087f57b4a
https://git.kernel.org/stable/c/2e74f974359b5382ecbe8536abbb5b837eb6c724
https://git.kernel.org/stable/c/3c19cb8a84ef709d57943bd6664cf31cb91ba6ec
https://git.kernel.org/stable/c/426c355742f02cf743b347d9d7dbdc1bfbfa31ef
https://git.kernel.org/stable/c/edd446ee7cd3d02cac246168063d5b3e9ea68460