CVE Catalog

CVE-2026-43035

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in the Linux kernel leaks kernel heap memory to userspace via the tc_chain_fill_node() function, which fails to initialize the tcm_info field of the tcmsg structure before sending netlink messages, exposing 4 bytes of uninitialized memory.

Risk Assessment

A local attacker could exploit this flaw to read sensitive kernel memory, potentially leading to privilege escalation or disclosure of confidential system information.

Recommendation

Immediately update the Linux kernel to a version containing the fix that zero-initializes the tcm_info field. Monitor security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS