Improper input validation in Linux kernel - CVE-2026-43092
Published: May 7, 2026
Vulnerability identifier: #VU130669
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43092
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in AF_XDP bind handling when binding a zero-copy pool configuration. A local user can supply a configuration where the device MTU exceeds the usable UMEM frame space to cause a denial of service.
The issue arises when tailroom and headroom reduce the usable chunk space, and hardware receive buffer chain length constraints can further prevent the configured MTU from being supported.
How to mitigate CVE-2026-43092
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133
- https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9
- https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6
- https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1
- https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2