CVE-2026-43341 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 11, 2026
Linux Kernel - Buffer Overflow
Published: May 8, 2026 | Updated: May 11, 2026 | Remote Exploitable
Overview
The Linux kernel contains a buffer overflow caused by a schema length wraparound in the ioam6_fill_trace_data function in the net/ipv6 ioam6 code, which lets attackers overrun the trace buffer. Exploitation requires crafted network packets.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause a buffer overflow, leading to potential system instability or code execution.
Mitigation
Update to the latest Linux kernel version containing the fix for ioam6 schema length wraparound.
References
- https://git.kernel.org/stable/c/184d2e9db27c0f76226b5cad16fe29510a5d2280
- https://git.kernel.org/stable/c/5e67ba9bb531e1ec6599a82a065dea9040b9ce50
- https://git.kernel.org/stable/c/77695a69baca9b99d95fad09fc78c2318736604f
- https://git.kernel.org/stable/c/d1b041080086e91d3733a5438a8c51ad5d3d8e09
- https://git.kernel.org/stable/c/d6e1c9b02d85a4f1f4ba6d68e916d9b610a3ed7d
- https://git.kernel.org/stable/c/e96d48b37708d53cbdc47f6f60b0714fc4a5f596
Details
- CVE ID: CVE-2026-43341
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H