5.5

CVE-2026-31664

xfrm: clear trailing padding in build_polexpire()

In the Linux kernel, the following vulnerability has been resolved:

xfrm: clear trailing padding in build_polexpire()

build_expire() clears the trailing padding bytes of struct
xfrm_user_expire after setting the hard field via memset_after(),
but the analogous function build_polexpire() does not do this for
struct xfrm_user_polexpire.

The padding bytes after the __u8 hard field are left
uninitialized from the heap allocation, and are then sent to
userspace via netlink multicast to XFRMNLGRP_EXPIRE listeners,
leaking kernel heap memory contents.

Add the missing memset_after() call, matching build_expire().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 6.1.169
LinuxLinux Kernel Version >= 6.2 < 6.6.135
LinuxLinux Kernel Version >= 6.7 < 6.12.82
LinuxLinux Kernel Version >= 6.13 < 6.18.23
LinuxLinux Kernel Version >= 6.19 < 6.19.13
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.018
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/ac6985903db047eaff54db929e4bf6b06782788e
Patch
https://git.kernel.org/stable/c/c221ed63a2769a0af8bd849dfe25740048f34ef4
Patch
https://git.kernel.org/stable/c/eda30846ea54f8ed218468e5480c8305ca645e37
Patch
https://git.kernel.org/stable/c/b1dfd6b27df35ef4f87825aa5f607378d23ff0f2
Patch
https://git.kernel.org/stable/c/e1af65c669ebb1666c54576614c01a7f9ffcfff6
Patch
https://git.kernel.org/stable/c/71a98248c63c535eaa4d4c22f099b68d902006d0
Patch
https://git.kernel.org/stable/c/a5127501c8d30b5728791b1e340284ca5c9cc4bd
https://git.kernel.org/stable/c/e6f4ffe8596947a595c9544e73a73adcb0568b88