SB20260507272 - Improper input validation in Linux kernel xdp



SB20260507272 - Improper input validation in Linux kernel xdp

Published: May 7, 2026

Security Bulletin ID SB20260507272
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper input validation (CVE-ID: CVE-2026-43092)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in AF_XDP bind handling when binding a zero-copy pool configuration. A local user can supply a configuration where the device MTU exceeds the usable UMEM frame space to cause a denial of service.

The issue arises when tailroom and headroom reduce the usable chunk space, and hardware receive buffer chain length constraints can further prevent the configured MTU from being supported.


Remediation

Install update from vendor's website.