SB20260507155 - Improper Initialization in Linux kernel block rnbd driver
Published: May 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Initialization (CVE-ID: CVE-2026-43184)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper initialization in rnbd-srv response buffer handling when exchanging response messages between different protocol versions. A remote attacker can trigger communication using mismatched protocol versions to disclose sensitive information.
The issue arises because stray bytes in the response buffer may be picked up by the client side.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8
- https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5
- https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98
- https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33
- https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206
- https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2
- https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa
- https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471