PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43244 Linux CVE debrief

CVE-2026-43244 is a Linux kernel KCM issue where a partial sendmsg() failure can leave an empty skb in a frag_list. In the affected path, that malformed chain can later trigger a kernel warning while messages are processed, creating an availability problem. The kernel fix adds cleanup for the empty skb and reduces repeated warning noise.

Vendor
Linux
Product
CVE-2026-43244
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-06
Original CVE updated
2026-05-11
Advisory published
2026-05-06
Advisory updated
2026-05-11

Who should care

Linux kernel maintainers, distribution security teams, and operators running systems with KCM enabled, especially where local users can reach the affected socket path.

Technical summary

According to the source description, kcm_sendmsg() may allocate and link a new skb into frag_list after filling MAX_SKB_FRAGS in the current skb. If the subsequent user-copy fails, the new tail skb can remain with zero fragments. For SOCK_SEQPACKET, a later zero-length write can complete the partial message and queue it, and kcm_write_msgs() then encounters a zero-fragment skb and reaches WARN_ON(!skb_shinfo(skb)->nr_frags). The fix tracks the predecessor skb so the empty tail can be unlinked and freed on error, and changes the warning to WARN_ON_ONCE. The NVD record lists CWE-401 and a CVSS v3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

Medium. The issue is local and availability-focused, but it can lead to kernel warnings and service disruption on affected kernels.

Recommended defensive actions

  • Apply the Linux kernel fixes referenced in the NVD record and vendor patch links.
  • Verify whether KCM is enabled or used in your kernel builds and deployments.
  • Prioritize updates for systems that expose local login access or run multi-tenant workloads.
  • Monitor affected hosts for repeated kernel warnings involving kcm_write_msgs() or frag_list handling.
  • Use the published version ranges to confirm exposure across your kernel fleet: 4.6 through 6.12.75, 6.13 through 6.18.16, 6.19 through 6.19.6, and 7.0-rc1.

Evidence notes

Evidence comes from the supplied NVD record and its linked stable.kernel.org patches. The source description explains the failure mode: an empty skb can remain in frag_list after a partial sendmsg() error, leading kcm_write_msgs() to hit a warning. NVD marks the vulnerability as analyzed, assigns CWE-401, and provides the affected version ranges and CVSS vector. The source also notes that there are currently no KCM selftests in the kernel tree.

Official resources

CVE published by NVD on 2026-05-06 and last modified on 2026-05-11, per the supplied timeline. This debrief reflects the published record and linked kernel patches only.