Out-of-bounds read in Linux kernel - CVE-2026-43190
Published: May 7, 2026
Vulnerability identifier: #VU130550
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43190
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the xt_tcpmss TCP option parser when parsing a TCP option field whose last byte is not EOL or NOP. A local user can supply a specially crafted packet to disclose sensitive information.
How to mitigate CVE-2026-43190
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/07a9b32eaae792ff7d0fcac14d8920c937c0a9c3
- https://git.kernel.org/stable/c/5e13d0a37666955b6cfddc0f73cb40ed645b8a05
- https://git.kernel.org/stable/c/735ee8582da3d239eb0c7a53adca61b79fb228b3
- https://git.kernel.org/stable/c/8b300f726640c48c3edfe9c453334dd801f4b74e
- https://git.kernel.org/stable/c/cd5beda7e0e32865e214f28034bb92c1cecff885
- https://git.kernel.org/stable/c/eaedc0bc18be46fe7f58170e967959a932c4f824
- https://git.kernel.org/stable/c/f6c412dcfd76b0516d51aa847d8f4c7b70381b09
- https://git.kernel.org/stable/c/f895191dc32c53eaf443b6443fe40945b2f92287