HIGH · CVE-2026-43452 · CNA: Linux
CVE-2026-43452: netfilter: x_tables: guard option walkers against 1-byte tail reads
In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: guard option walkers against 1-byte tail reads

When the last byte of options is a non-single-byte option kind, walkers that advance with i += op[i + 1] ? : 1 can read op[i + 1] past the end of the option area.

Add an explicit i == optlen - 1 check before dereferencing op[i + 1] in xt_tcpudp and xt_dccp option walkers.
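The tail read described above, modeled in userspace C as an added example (not the kernel's code and not part of the original record). `walk_options`, `struct walk_result`, the `guard` flag and both sample option areas are constructed for illustration, and the out-of-bounds access is counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct walk_result {
    int found;      /* wanted option kind was seen */
    int tail_reads; /* times op[i + 1] would be read with i + 1 == optlen */
};

/* Constructed sample: NOP, NOP, MSS (kind 2, len 4), then kind 8 as the
 * last byte with no length byte after it. */
static const uint8_t truncated_tail[] = { 1, 1, 2, 4, 0x05, 0xb4, 8 };
/* Constructed sample: MSS, NOP, NOP, SACK-permitted (kind 4, len 2). */
static const uint8_t well_formed[] = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2 };

/* Hypothetical userspace model of an option walker (kind, length, data...).
 * guard == 0: every kind >= 2 advances with "i += op[i + 1] ? : 1".
 * guard != 0: the "i == optlen - 1" check runs before op[i + 1] is used.
 * The out-of-bounds access is counted, never performed. */
static struct walk_result walk_options(const uint8_t *op, size_t optlen,
                                       uint8_t wanted, int guard)
{
    struct walk_result r = { 0, 0 };
    size_t i = 0;

    while (i < optlen) {
        if (op[i] == wanted) { r.found = 1; return r; }
        if (op[i] < 2 || (guard && i == optlen - 1)) {
            i++;                 /* single-byte kind, or guarded last byte */
        } else if (i + 1 >= optlen) {
            r.tail_reads++;      /* unguarded walker reads op[optlen] here */
            break;
        } else {
            i += op[i + 1] ? op[i + 1] : 1; /* zero length still advances */
        }
    }
    return r;
}

int main(void)
{
    for (int guard = 0; guard <= 1; guard++) {
        struct walk_result r =
            walk_options(truncated_tail, sizeof truncated_tail, 5, guard);
        printf("guard=%d found=%d tail_reads=%d\n", guard, r.found, r.tail_reads);
    }
    return 0;
}
```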
Metrics
- CVSS v3.1: 8.2
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux < c2a445367a496a3c25dbc940c10c8bd1cfd4c14a (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc) · < ae1e1267650638136b84c23f2b31250f0ccb6823 (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc) · < c39f84e4be1be63fc60ca7141ea7b76edcea5907 (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc) · < 9b94f0e42ed248eb31929da84ed9f5310d7ff540 (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc) · < 5b18b8b35c7cded2d17b2b2604c9b0694ff48d1c (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc) · < bc18551c6169eac5ed813778d3e3e484002dbbe5 (from 2e4e6a17af35be359cc8f1c924f8f198fbd478cc)
- Linux / Linux 2.6.16 · Fixed in 0, 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H