CVE-2026-43011 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 3, 2026
Linux Kernel - Denial of Service
Published: May 1, 2026 | Updated: May 3, 2026 | Remote Exploitable
Overview
The Linux kernel contains a double free vulnerability in net/x25, caused by an skb being freed twice in x25_queue_rx_frame and x25_backlog_rcv. Attackers can use it to cause denial of service. Exploitation requires crafted network packets.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause denial of service by triggering a double free, potentially crashing the kernel or causing instability.
Mitigation
Update to the latest Linux kernel version containing the fix for the net/x25 double free.
References
- https://git.kernel.org/stable/c/143d4fa68ae9efb83b0c55b12cc7f0d03732a2b1
- https://git.kernel.org/stable/c/3f5e3005984645bf5bd129c6b13149879580b1fb
- https://git.kernel.org/stable/c/524371398d8463ea7e101fce2cbf3915645d1730
- https://git.kernel.org/stable/c/5d0aa038a90b30c9bedde0c41c1fdcd98ecb16e9
- https://git.kernel.org/stable/c/c87dd137c0dad07cc55f98181ff380b0c23d2878
- https://git.kernel.org/stable/c/d10a26aa4d072320530e6968ef945c8c575edf61
- https://git.kernel.org/stable/c/f782dd382203b2a8c4552a628431b7de65a19a7b
- https://git.kernel.org/stable/c/fa1dbc93530b34fab0da9862426fe9c918c74dc0
Details
- CVE ID: CVE-2026-43011
- Severity: Critical
- CVSS Score: 9.8
- Type: undefined
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H