Stack-based buffer overflow in Linux kernel - CVE-2026-43037
Published: May 2, 2026
Vulnerability identifier: #VU128878
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-43037
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a stack-based buffer overflow in ip4ip6_err() and __ip_options_echo() when processing a crafted packet that triggers ICMP error handling on a cloned skb. A remote attacker can send a specially crafted packet to execute arbitrary code.
The issue is caused by reusing skb cb[] data written by the IPv6 receive path as IPv4 metadata, allowing attacker-controlled packet data to influence the copied option length.
How to mitigate CVE-2026-43037
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1063515ce15ff31065c4e7f8265f4c2fd3c54876
- https://git.kernel.org/stable/c/2cc6e3b0fe0f0242d1f530a93a4924f48ab85ba5
- https://git.kernel.org/stable/c/2edfa31769a4add828a7e604b21cb82aaaa05925
- https://git.kernel.org/stable/c/4a622658f384b03560834cbe8ffcfe69a278f7c8
- https://git.kernel.org/stable/c/590f622669b97eaf7b57a1de7b0a6e68c5d8b2c3
- https://git.kernel.org/stable/c/a0c4ce9900a108eaf55d0f3b399cb55999647d39
- https://git.kernel.org/stable/c/d6621f60192fe10c047a4487be42a6f4c150707f
- https://git.kernel.org/stable/c/ea9f65b27c8404e164848ebff1443310fd187629