[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-43038":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":34,"related":35,"reserved_at":9,"published_at":36,"modified_at":37,"state":38,"summary":39,"references_raw":48,"kevs":83,"epss":84,"epss_history":87,"metrics":189,"affected":196},"CVE-2026-43038","In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()\n\nSashiko AI-review observed:\n\n  In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet\n  where its cb contains an IPv4 inet_skb_parm. When skb is cloned into skb2\n  and passed to icmp6_send(), it uses IP6CB(skb2).\n\n  IP6CB interprets the IPv4 inet_skb_parm as an inet6_skb_parm. The cipso\n  offset in inet_skb_parm.opt directly overlaps with dsthao in inet6_skb_parm\n  at offset 18.\n\n  If an attacker sends a forged ICMPv4 error with a CIPSO IP option, dsthao\n  would be a non-zero offset. Inside icmp6_send(), mip6_addr_swap() is called\n  and uses ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO).\n\n  This would scan the inner, attacker-controlled IPv6 packet starting at that\n  offset, potentially returning a fake TLV without checking if the remaining\n  packet length can hold the full 18-byte struct ipv6_destopt_hao.\n\n  Could mip6_addr_swap() then perform a 16-byte swap that extends past the end\n  of the packet data into skb_shared_info?\n\n  Should the cb array also be cleared in ip6_err_gen_icmpv6_unreach() and\n  ip6ip6_err() to prevent this?\n\nThis patch implements the first suggestion.\n\nI am not sure if ip6ip6_err() needs to be changed.\nA separate patch would be better anyway.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32],{"_key":23},"MGASA-2026-0108",{"_key":25},"MGASA-2026-0110",{"_key":27},"DEBIAN-CVE-2026-43038",{"_key":29},"RHSA-2026:22900",{"_key":31},"RHSA-2026:22940",{"_key":33},"UBUNTU-CVE-2026-43038",[],[],"2026-05-01T14:15:35.986Z","2026-05-11T22:16:31.106Z","Analyzed",{"cisa_kev":40,"cisa_ransomware":40,"cisa_vendor":9,"epss_severity":41,"epss_score":42,"severity":43,"severity_score":44,"severity_version":45,"severity_source":46,"severity_vector":47,"severity_status":38},false,"low",0.00076,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[49,55,59,63,67,71,75,79],{"url":50,"sources":51,"tags":53},"https://git.kernel.org/stable/c/c438ba010171b70bad22fc18b1d5bdc3627476e8",[46,52],"nvd",[54],"Patch",{"url":56,"sources":57,"tags":58},"https://git.kernel.org/stable/c/0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7",[46,52],[54],{"url":60,"sources":61,"tags":62},"https://git.kernel.org/stable/c/a4437faf135da293d16fcc4cc607316742bd0ebb",[46,52],[54],{"url":64,"sources":65,"tags":66},"https://git.kernel.org/stable/c/3d5127d998de617b130aae96b138dba22ac6a8a7",[46,52],[54],{"url":68,"sources":69,"tags":70},"https://git.kernel.org/stable/c/e41953e7d118e2702bcb217879c173d9d1d3cd4e",[46,52],[54],{"url":72,"sources":73,"tags":74},"https://git.kernel.org/stable/c/a2edbb6393972a02114b6003953a5cef3104fada",[46,52],[54],{"url":76,"sources":77,"tags":78},"https://git.kernel.org/stable/c/1ceeebd5bd6d855b17a5df625109bfe29129d7cf",[46,52],[54],{"url":80,"sources":81,"tags":82},"https://git.kernel.org/stable/c/86ab3e55673a7a49a841838776f1ab18d23a67b5",[46,52],[54],[],{"date":85,"score":42,"percentile":86},"2026-06-04",0.22927,[88,92,96,99,102,105,109,112,115,118,121,124,127,130,133,136,139,142,145,148,150,153,156,159,162,165,168,171,174,177,179,182,185,188],{"date":89,"score":90,"percentile":91},"2026-05-02",0.00024,0.06822,{"date":93,"score":94,"percentile":95},"2026-05-03",0.00053,0.16491,{"date":97,"score":94,"percentile":98},"2026-05-04",0.16425,{"date":100,"score":94,"percentile":101},"2026-05-05",0.16406,{"date":103,"score":94,"percentile":104},"2026-05-06",0.16403,{"date":106,"score":107,"percentile":108},"2026-05-07",0.0007,0.2122,{"date":110,"score":107,"percentile":111},"2026-05-08",0.21238,{"date":113,"score":107,"percentile":114},"2026-05-09",0.21307,{"date":116,"score":107,"percentile":117},"2026-05-10",0.21304,{"date":119,"score":107,"percentile":120},"2026-05-11",0.21284,{"date":122,"score":107,"percentile":123},"2026-05-12",0.21306,{"date":125,"score":107,"percentile":126},"2026-05-13",0.21353,{"date":128,"score":107,"percentile":129},"2026-05-14",0.21383,{"date":131,"score":107,"percentile":132},"2026-05-15",0.21404,{"date":134,"score":107,"percentile":135},"2026-05-16",0.21403,{"date":137,"score":107,"percentile":138},"2026-05-17",0.21359,{"date":140,"score":107,"percentile":141},"2026-05-18",0.21317,{"date":143,"score":107,"percentile":144},"2026-05-19",0.21311,{"date":146,"score":107,"percentile":147},"2026-05-20",0.21314,{"date":149,"score":107,"percentile":117},"2026-05-21",{"date":151,"score":107,"percentile":152},"2026-05-22",0.2139,{"date":154,"score":107,"percentile":155},"2026-05-23",0.21391,{"date":157,"score":107,"percentile":158},"2026-05-24",0.21371,{"date":160,"score":107,"percentile":161},"2026-05-25",0.21341,{"date":163,"score":107,"percentile":164},"2026-05-26",0.21339,{"date":166,"score":107,"percentile":167},"2026-05-27",0.21417,{"date":169,"score":107,"percentile":170},"2026-05-28",0.21542,{"date":172,"score":107,"percentile":173},"2026-05-29",0.21586,{"date":175,"score":107,"percentile":176},"2026-05-30",0.21591,{"date":178,"score":107,"percentile":176},"2026-05-31",{"date":180,"score":107,"percentile":181},"2026-06-01",0.21565,{"date":183,"score":42,"percentile":184},"2026-06-02",0.22926,{"date":186,"score":42,"percentile":187},"2026-06-03",0.22922,{"date":85,"score":42,"percentile":86},[190,194],{"source":46,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":191,"cvss_v4_0":9},{"baseScore":44,"baseSeverity":192,"vectorString":47,"impactScore":44,"exploitabilityScore":193},"CRITICAL",10,{"source":52,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":195,"cvss_v4_0":9},{"baseScore":44,"baseSeverity":192,"vectorString":47,"impactScore":44,"exploitabilityScore":193},[197,232],{"ecosystem":9,"name":198,"vendor":199,"product":199,"cpe_part":200,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":201},"Linux","linux","a",[202,209,212,215,218,221,224,227,230],{"version":203,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":207,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C c438ba010171b70bad22fc18b1d5bdc3627476e8",true,"ca15a078bd907df5fc1c009477869c5cbde3b753","including","c438ba010171b70bad22fc18b1d5bdc3627476e8","excluding",{"version":210,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":211,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C 0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7","0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7",{"version":213,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":214,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C a4437faf135da293d16fcc4cc607316742bd0ebb","a4437faf135da293d16fcc4cc607316742bd0ebb",{"version":216,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":217,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C 3d5127d998de617b130aae96b138dba22ac6a8a7","3d5127d998de617b130aae96b138dba22ac6a8a7",{"version":219,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":220,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C e41953e7d118e2702bcb217879c173d9d1d3cd4e","e41953e7d118e2702bcb217879c173d9d1d3cd4e",{"version":222,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":223,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C a2edbb6393972a02114b6003953a5cef3104fada","a2edbb6393972a02114b6003953a5cef3104fada",{"version":225,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":226,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C 1ceeebd5bd6d855b17a5df625109bfe29129d7cf","1ceeebd5bd6d855b17a5df625109bfe29129d7cf",{"version":228,"is_range":204,"range_type":46,"version_start":205,"version_start_type":206,"version_end":229,"version_end_type":208,"fixed_in":9},">= ca15a078bd907df5fc1c009477869c5cbde3b753, \u003C 86ab3e55673a7a49a841838776f1ab18d23a67b5","86ab3e55673a7a49a841838776f1ab18d23a67b5",{"version":231,"is_range":40,"range_type":46,"version_start":231,"version_start_type":206,"version_end":231,"version_end_type":206,"fixed_in":9},"3.13",{"ecosystem":9,"name":233,"vendor":199,"product":234,"cpe_part":235,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":236},"linux kernel","linux_kernel","o",[237,241,245,249,253,257,261,265,266,268,270,272,274,276,278,280,282,284,286,288],{"version":238,"is_range":204,"range_type":239,"version_start":231,"version_start_type":208,"version_end":240,"version_end_type":208,"fixed_in":9},"gt3.13_lt5.10.253","cpe","5.10.253",{"version":242,"is_range":204,"range_type":239,"version_start":243,"version_start_type":206,"version_end":244,"version_end_type":208,"fixed_in":9},"gte5.11_lt5.15.203","5.11","5.15.203",{"version":246,"is_range":204,"range_type":239,"version_start":247,"version_start_type":206,"version_end":248,"version_end_type":208,"fixed_in":9},"gte5.16_lt6.1.168","5.16","6.1.168",{"version":250,"is_range":204,"range_type":239,"version_start":251,"version_start_type":206,"version_end":252,"version_end_type":208,"fixed_in":9},"gte6.2_lt6.6.134","6.2","6.6.134",{"version":254,"is_range":204,"range_type":239,"version_start":255,"version_start_type":206,"version_end":256,"version_end_type":208,"fixed_in":9},"gte6.7_lt6.12.81","6.7","6.12.81",{"version":258,"is_range":204,"range_type":239,"version_start":259,"version_start_type":206,"version_end":260,"version_end_type":208,"fixed_in":9},"gte6.13_lt6.18.22","6.13","6.18.22",{"version":262,"is_range":204,"range_type":239,"version_start":263,"version_start_type":206,"version_end":264,"version_end_type":208,"fixed_in":9},"gte6.19_lt6.19.12","6.19","6.19.12",{"version":231,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":267,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc3",{"version":269,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc4",{"version":271,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc5",{"version":273,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc6",{"version":275,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc7",{"version":277,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.13:rc8",{"version":279,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc1",{"version":281,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc2",{"version":283,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc3",{"version":285,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc4",{"version":287,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc5",{"version":289,"is_range":40,"range_type":239,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc6"]