CVE-2026-43093

EUVD-2026-27597
In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame

The current headroom validation in xdp_umem_reg() could leave us with
insufficient space dedicated to even receive minimum-sized ethernet
frame. Furthermore if multi-buffer would come to play then
skb_shared_info stored at the end of XSK frame would be corrupted.

HW typically works with 128-aligned sizes so let us provide this value
as bare minimum.

Multi-buffer setting is known later in the configuration process so
besides accounting for 128 bytes, let us also take care of tailroom space
upfront.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.14-1
fixed
sid
7.0.3-1
fixed
trixie
vulnerable
trixie (security)
6.12.85-1
fixed
References
https://git.kernel.org/stable/c/0ec4d3f6e6934deb843b561ae048cd17218e5ad1
https://git.kernel.org/stable/c/6523bc1b40e69301f24c14338b762af4739d6d39
https://git.kernel.org/stable/c/9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12
https://git.kernel.org/stable/c/a03975beb9f6af0d8ac051e30b2abeabe618414f
https://git.kernel.org/stable/c/a315e022a72d95ef5f1d4e58e903cb492b0ad931