HIGHCVE-2026-43093Published Modified CNA Linux
CVE-2026-43093: xsk: tighten UMEM headroom validation to account for tailroom and min frame
In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted. HW typically works with 128-aligned sizes so let us provide this value as bare minimum. Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
00ec4d3f6e6934deb843b561ae048cd17218e5ad14.205.55.76.6.1366.12.836.18.246.19.146523bc1b40e69301f24c14338b762af4739d6d397.09ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12a03975beb9f6af0d8ac051e30b2abeabe618414fa315e022a72d95ef5f1d4e58e903cb492b0ad931
Affected packages
- Linux / Linux< a03975beb9f6af0d8ac051e30b2abeabe618414f (from 99e3a236dd43d06c65af0a2ef9cb44306aef6e02) · < 0ec4d3f6e6934deb843b561ae048cd17218e5ad1 (from 99e3a236dd43d06c65af0a2ef9cb44306aef6e02) · < 9ea6ba4f3195dcba6e8b3e7b2e748593b7cafb12 (from 99e3a236dd43d06c65af0a2ef9cb44306aef6e02) · < 6523bc1b40e69301f24c14338b762af4739d6d39 (from 99e3a236dd43d06c65af0a2ef9cb44306aef6e02) · < a315e022a72d95ef5f1d4e58e903cb492b0ad931 (from 99e3a236dd43d06c65af0a2ef9cb44306aef6e02) · ad8fb61c184fe0f8d1e0b5b954d010fb9f94a6ee
- Linux / Linux5.7Fixed in 0, 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H