5.5

CVE-2026-43035

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

In the Linux kernel, the following vulnerability has been resolved:

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

When building netlink messages, tc_chain_fill_node() never initializes
the tcm_info field of struct tcmsg. Since the allocation is not zeroed,
kernel heap memory is leaked to userspace through this 4-byte field.

The fix simply zeroes tcm_info alongside the other fields that are
already initialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.168
LinuxLinux Kernel Version >= 6.2 < 6.6.134
LinuxLinux Kernel Version >= 6.7 < 6.12.81
LinuxLinux Kernel Version >= 6.13 < 6.18.22
LinuxLinux Kernel Version >= 6.19 < 6.19.12
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/903c3405cfcc7700260e456ab66a5867586c9e69
Patch
https://git.kernel.org/stable/c/71a3eda7e850ae844cb8993065f4e410c11a46ce
Patch
https://git.kernel.org/stable/c/4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3
Patch
https://git.kernel.org/stable/c/e35f5195cd44ff4053fbc5d71ea97681728a0099
Patch
https://git.kernel.org/stable/c/d6db08484c6cb3d4ad696246f9d288eceba2a078
Patch
https://git.kernel.org/stable/c/906997ea3766c24fbbf9cc4bf17c047315bbd138
Patch
https://git.kernel.org/stable/c/1091b3c174441a52fdbb92e2fe00338f9371a91c
Patch
https://git.kernel.org/stable/c/e6e3eb5ee89ac4c163d46429391c889a1bb5e404
Patch