{"id":"CVE-2026-43040","summary":"net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak\n\nWhen processing Router Advertisements with user options the kernel\nbuilds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct\nhas three padding fields that are never zeroed and can leak kernel data\n\nThe fix is simple, just zeroes the padding fields.","modified":"2026-07-04T18:29:13.371984917Z","published":"2026-05-01T14:15:37.364Z","related":["SUSE-SU-2026:22099-1","SUSE-SU-2026:22108-1","SUSE-SU-2026:22112-1","SUSE-SU-2026:22127-1","SUSE-SU-2026:22137-1","SUSE-SU-2026:22433-1","SUSE-SU-2026:22458-1","SUSE-SU-2026:2450-1","SUSE-SU-2026:2482-1","SUSE-SU-2026:2591-1","openSUSE-SU-2026:20965-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43040.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/11d7fe97421cfc81549940c20ed5ac9472d6db05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4f810c686fde509d1cdaa706322d9d2531f8f1a4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7f56d87e527bb5a13c3e8b0d5840cb6332822f6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae05340ccaa9d347fe85415609e075545bec589f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b485eef3d97b7aae55ce669b6de555ec81f3d21c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef3645606e4a635d5062a492f22b7f490852ee67"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43040.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43040"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"31910575a9de61e78065e93846e8e7a4894a18bf"},{"fixed":"1da9023f6b071a38e5430ffbce4b70b2b1ac4f9c"},{"fixed":"2fe4d0ba690a69ad6ae9f7ab9bdc96e02610b648"},{"fixed":"11d7fe97421cfc81549940c20ed5ac9472d6db05"},{"fixed":"7f56d87e527bb5a13c3e8b0d5840cb6332822f6d"},{"fixed":"4f810c686fde509d1cdaa706322d9d2531f8f1a4"},{"fixed":"b485eef3d97b7aae55ce669b6de555ec81f3d21c"},{"fixed":"ef3645606e4a635d5062a492f22b7f490852ee67"},{"fixed":"ae05340ccaa9d347fe85415609e075545bec589f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43040.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.24"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43040.json"}}],"schema_version":"1.7.5"}