Division by zero in Linux kernel - CVE-2026-43411
Published: May 8, 2026
Vulnerability identifier: #VU130778
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43411
CWE-ID: CWE-369
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to divide-by-zero in tipc_sk_filter_connect() when handling a rejected SYN on the retry path after processing a TIPC_CONN_TIMEOUT value less than 4. A local user can set a small conn_timeout value via setsockopt and trigger the retry path to cause a denial of service.
The issue results in a kernel oops or panic.
How to mitigate CVE-2026-43411
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/2754e7b3d64748643df867d1ea6fec522914b635
- https://git.kernel.org/stable/c/338c5edeb6ae3f12a4b84dff9d71f6f7f8c202c3
- https://git.kernel.org/stable/c/3bc9998041076ee05d3f312a22cee6b2ca35527f
- https://git.kernel.org/stable/c/579956f9f297eb1b6a5d24de313f3acccee1f9d5
- https://git.kernel.org/stable/c/600feb0a66a98c6b7f6f02b5f3612e75f9b8540f
- https://git.kernel.org/stable/c/6c5a9baa15de240e747263aba435a0951da8d8d2
- https://git.kernel.org/stable/c/a360d3815aae1f00dd71b7714a846482e85cc1f7
- https://git.kernel.org/stable/c/c2ebfbe63deb7bfd4dc2532bae62a7ed67713272