CVE-2026-43190

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2026-43190 RHSA-2026:21556 RHSA-2026:21557 RHSA-2026:21706 RHSA-2026:21745 RHSA-2026:25028

Analyzed

Published: 06 May 2026, 11:27

Last modified:11 May 2026, 22:19

Vulnerability Summary

Overall Risk (default)

medium

33/100

CVSS Score

8.2 HIGH

v3.1 (cve.org)

EPSS Score

0.46% LOW

0% probability +0.34%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 May 2026, 11:27

Published

Vulnerability first disclosed

11 May 2026, 22:19

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads op[i+1] directly without validating the remaining option length. If the last byte of the option field is not EOL/NOP (0/1), the code attempts to index op[i+1]. In the case where i + 1 == optlen, this causes an out-of-bounds read, accessing memory past the optlen boundary (either reading beyond the stack buffer _opt or the following payload).

CVSS Metrics

v3.1•HIGH•Score: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Trends

Current EPSS score: 0.46%• Percentile: 36%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < f895191dc32c53eaf443b6443fe40945b2f92287 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < cd5beda7e0e32865e214f28034bb92c1cecff885 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < eaedc0bc18be46fe7f58170e967959a932c4f824 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 07a9b32eaae792ff7d0fcac14d8920c937c0a9c3 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 8b300f726640c48c3edfe9c453334dd801f4b74e | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 5e13d0a37666955b6cfddc0f73cb40ed645b8a05 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < f6c412dcfd76b0516d51aa847d8f4c7b70381b09 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 735ee8582da3d239eb0c7a53adca61b79fb228b3 | 2.6.12
linux•linux_kernel
≥ 2.6.12.1, < 5.10.252 | ≥ 5.11, < 5.15.202 | ≥ 5.16, < 6.1.165 | ≥ 6.2, < 6.6.128 | ≥ 6.7, < 6.12.75 | ≥ 6.13, < 6.18.16 | ≥ 6.19, < 6.19.6 | 2.6.12 | 2.6.12:rc2 | 2.6.12:rc3 | 2.6.12:rc4 | 2.6.12:rc5 | 2.6.12:rc6