PatchSiren

CVE-2026-43411 Linux CVE debrief

A divide-by-zero vulnerability exists in the Linux kernel's TIPC (Transparent Inter-Process Communication) socket implementation. The flaw occurs in `tipc_sk_filter_connect()` when a user sets `conn_timeout` to a value less than 4 via `setsockopt(TIPC_CONN_TIMEOUT)`. When a SYN packet is rejected with `TIPC_ERR_OVERLOAD`, the retry path executes `delay %= (tsk->conn_timeout / 4)`, which triggers a divide-by-zero exception when `conn_timeout` is in the range [0, 3], causing a kernel oops or panic. The vulnerability affects Linux kernel versions from 4.20 through 7.0-rc3 across multiple stable branches. The fix clamps `conn_timeout` to a minimum of 4 at the point of use in `tipc_sk_filter_connect()`. This is a local vulnerability requiring low privileges with no user interaction, resulting in high availability impact through denial of service.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux system administrators, kernel maintainers, embedded systems developers using TIPC, security teams monitoring for local privilege escalation or denial-of-service vectors

Technical summary

The vulnerability stems from insufficient input validation on the `TIPC_CONN_TIMEOUT` socket option. When `conn_timeout` is set to a value from 0 to 3, the expression `tsk->conn_timeout / 4` evaluates to 0 under integer division, so the retry delay calculation performs a modulo by zero. The fix clamps the value to a minimum of 4 before the division. The stack trace shows the crash path: `tipc_connect` → `release_sock` → `__release_sock` → `tipc_sk_backlog_rcv` → `tipc_sk_filter_rcv` → `tipc_sk_filter_connect`.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches: 5.10.253+, 5.15.203+, 6.1.167+, 6.6.130+, 6.12.78+, 6.18.19+, 6.19.9+, or 7.0-rc4+
  • Restrict unprivileged access to TIPC sockets where possible
  • Monitor for kernel oops/panic events related to `tipc_sk_filter_connect`
  • Review systems using TIPC for inter-process communication
  • Validate kernel version against affected ranges in CPE criteria
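
The version check from the last action, as an added example (not PatchSiren's or the kernel project's code). It compares a `uname -r` style string against the fixed releases listed above; the function name `classify` and the sample strings are hypothetical, and treating a 4.20+ branch with no listed fix as affected is an assumption.

```python
import platform
import re

# Fixed stable releases, copied from the list above (branch -> first fixed patchlevel).
FIXED_PATCHLEVEL = {(5, 10): 253, (5, 15): 203, (6, 1): 167, (6, 6): 130,
                    (6, 12): 78, (6, 18): 19, (6, 19): 9}
FIRST_AFFECTED = (4, 20)   # page: affected from 4.20
MAINLINE_FIX = (7, 0)      # page: fixed in 7.0-rc4 and later
MAINLINE_FIX_RC = 4

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def classify(release):
    """Classify a `uname -r` style string by upstream version number only."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else None
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch > MAINLINE_FIX:
        return "fixed"
    if branch == MAINLINE_FIX:
        # 7.0-rc1..rc3 are affected; rc4+, 7.0 final and 7.0.y carry the fix.
        return "affected" if rc is not None and rc < MAINLINE_FIX_RC else "fixed"
    fixed_at = FIXED_PATCHLEVEL.get(branch)
    if fixed_at is None:
        # Assumption: a branch with no fixed release listed above stays affected.
        return "affected"
    return "fixed" if patch >= fixed_at else "affected"


if __name__ == "__main__":
    # Distribution kernels may backport the fix without changing the upstream
    # number, so treat "affected" here as "confirm against the vendor advisory".
    rel = platform.release()
    print(f"{rel}: {classify(rel)}")
```
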

Evidence notes

CVE published 2026-05-08; modified 2026-05-21. NVD status: analyzed. CVSS 3.1 score 5.5 (MEDIUM). CWE-369 (Divide By Zero). Affects Linux kernel 4.20 through 7.0-rc3. Multiple stable branch patches are available.
