PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43035 Linux CVE debrief

A vulnerability was found in the Linux kernel's net: sched: cls_api. The tc_chain_fill_node function did not initialize the tcm_info field of struct tcmsg, leading to a potential info-leak of 4 bytes of kernel heap memory to userspace. The vulnerability has been patched. Linux kernel versions 4.19 through 7.0 rc6 are potentially affected. Users of these versions should review and apply patches provided by Linux kernel maintainers.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-01
Original CVE updated
2026-07-14
Advisory published
2026-05-01
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 4.19 through 7.0 rc6 should review and apply patches provided by Linux kernel maintainers. Security teams and vulnerability management teams should prioritize patching and monitor for potential exploitation attempts.

Technical summary

The tc_chain_fill_node function in the Linux kernel's net: sched: cls_api did not initialize the tcm_info field of struct tcmsg. This could lead to 4 bytes of kernel heap memory being leaked to userspace when building netlink messages. The fix involves zeroing tcm_info alongside other already initialized fields. Linux kernel versions 4.19 through 7.0 rc6 are potentially affected. Users of these versions should review and apply patches provided by Linux kernel maintainers to prevent potential info-leaks. Security teams should prioritize patching and monitor for potential exploitation attempts. It is essential to verify patch application and kernel versions to ensure the vulnerability is fully remediated.

Defensive priority

Medium priority due to potential for info-leak

Recommended defensive actions

  • Apply patches provided by Linux kernel maintainers
  • Review and update Linux kernel versions to ensure patched versions are used
  • Monitor for potential exploitation attempts
  • Verify patch application and kernel versions
  • Review compensating controls for exposed systems
  • Check relevant monitoring, detection, and logs for exposed assets
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-05-01T15:16:48.147Z and last modified on 2026-07-14T13:18:53.267Z. Multiple patches are available for various Linux kernel versions. Linux kernel versions 4.19 through 7.0 rc6 are potentially affected. Users should verify their kernel versions and apply patches as necessary. The vulnerability has been patched, but defenders should verify patch application and monitor for potential exploitation attempts.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-01T15:16:48.147Z and has not been modified since then.