DEBIAN-CVE-2026-43190
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 06 May 2026, 12:16
Last modified:15 Jun 2026, 19:06
Vulnerability Summary
Overall Risk (default)
medium
33/100 CVSS Score
8.2 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 May 2026, 12:16
Published
Vulnerability first disclosed
15 Jun 2026, 19:06
Last Modified
Vulnerability information updated
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads op[i+1] directly without validating the remaining option length. If the last byte of the option field is not EOL/NOP (0/1), the code attempts to index op[i+1]. In the case where i + 1 == optlen, this causes an out-of-bounds read, accessing memory past the optlen boundary (either reading beyond the stack buffer _opt or the following payload).
CVSS Metrics
- v3.1•HIGH•Score: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Affected Systems
- debian•linux
all | < 5.10.257-1 | < 6.1.170-1 | < 6.12.85-1 | < 6.19.6-1