PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43500 Linux CVE debrief

CVE-2026-43500 is a Linux kernel rxrpc memory-safety bug in packet handling. According to the NVD record and linked kernel fixes, the flaw occurs when DATA or RESPONSE packets carry paged fragments that were not cloned but are still externally shared; the old gate only unshared cloned skbs, which could send shared fragments into in-place decryption. NVD classifies the issue as CWE-787 and rates it HIGH (CVSS 7.8).

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-11
Original CVE updated: 2026-05-17
Advisory published: 2026-05-11
Advisory updated: 2026-05-17

Who should care

Linux kernel and distro security teams, kernel maintainers, and administrators running affected kernels should care most. The CVSS vector is local (AV:L) with low privileges required (PR:L), so this is primarily a host-side risk on systems where local users or local services can reach the affected rxrpc paths.

Technical summary

The supplied description says rxrpc_input_call_event() and rxrpc_verify_response() only copied skb buffers to a linear buffer when skb_cloned() was true. That missed packets with shared paged fragments, including cases where skb_has_frag_list() or skb_has_shared_frag() is true. The fix extends the unshare check to those fragment-sharing conditions before security operations and decryption, preserving the zero-copy path for kernel-private fragments while avoiding unsafe handling of externally-owned pages. NVD maps the weakness to CWE-787.
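To make the gate change concrete, here is an added toy model in C (not the kernel's code; the struct, field and function names are assumptions) of the old unshare check beside the extended one, showing that an uncloned skb whose fragment page is still externally shared reaches in-place decryption under the old gate but is copied first under the fixed gate, while a kernel-private fragment keeps the zero-copy path under both:

```c
/* Added toy model (not kernel code) of the rxrpc unshare gate: a fragment
 * page still owned by someone else must be copied before in-place
 * decryption, even when the skb itself was never cloned. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define FRAG_LEN 8

/* Minimal stand-in for sk_buff state; names are ours, not the kernel's. */
struct toy_skb {
    bool cloned;                     /* models skb_cloned() */
    bool has_frag_list;              /* models skb_has_frag_list() */
    bool has_shared_frag;            /* models skb_has_shared_frag() */
    unsigned char *frag;             /* page that may be externally shared */
    unsigned char linear[FRAG_LEN];  /* private copy after unsharing */
};

/* Old gate: only cloned skbs were copied to a private linear buffer. */
static bool needs_unshare_old(const struct toy_skb *skb)
{
    return skb->cloned;
}

/* Fixed gate: frag-listed or shared fragments also force the copy. */
static bool needs_unshare_fixed(const struct toy_skb *skb)
{
    return skb->cloned || skb->has_frag_list || skb->has_shared_frag;
}

/* Decrypt (modelled as a fixed XOR) through the chosen gate; returns true
 * if the fragment page itself was written, i.e. the in-place path ran. */
bool process_packet(struct toy_skb *skb, bool (*gate)(const struct toy_skb *))
{
    unsigned char before[FRAG_LEN], *data = skb->frag;  /* zero-copy default */
    memcpy(before, skb->frag, FRAG_LEN);
    if (gate(skb)) {
        memcpy(skb->linear, skb->frag, FRAG_LEN);       /* unshare first */
        data = skb->linear;
    }
    for (size_t i = 0; i < FRAG_LEN; i++)
        data[i] ^= 0x5a;
    return memcmp(before, skb->frag, FRAG_LEN) != 0;
}

/* Constructed case: an uncloned skb whose single fragment page is either
 * externally shared (the bug) or kernel-private (zero-copy is intended). */
bool frag_written_in_place(bool page_shared, bool use_fixed_gate)
{
    unsigned char page[FRAG_LEN] = "rxrpc!!";
    struct toy_skb skb = { .has_shared_frag = page_shared, .frag = page };
    return process_packet(&skb, use_fixed_gate ? needs_unshare_fixed
                                               : needs_unshare_old);
}
```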

Defensive priority

High. The issue is local rather than remote, but it affects core kernel packet processing and carries a high CVSS score. Prioritize patching affected kernels and confirm that vendor backports are present on deployed systems.

Recommended defensive actions

  • Upgrade to a kernel version that includes the fix; NVD lists the affected ranges as Linux kernel versions before 6.18.29 and versions from 6.19 up to, but not including, 7.0.6, plus the specific release-candidate builds called out in the record.
  • Verify that your distribution's kernel package includes the backported rxrpc fix, since vendor kernels may not align exactly with upstream version numbers.
  • If rxrpc is enabled or in use on your systems, place these hosts high in your patch queue, especially multi-user machines where local access is feasible.
  • Monitor vendor advisories and kernel changelogs for the linked stable patch references to confirm remediation has been applied.
  • Use standard hardening and least-privilege controls to reduce the likelihood that an untrusted local user can reach the affected code paths before patching.

Evidence notes

This debrief is based only on the supplied NVD record, its published/modified dates (published 2026-05-11, modified 2026-05-17), and the linked kernel references. The record describes an rxrpc packet-handling unshare check that failed to account for shared paged fragments, and it classifies the issue as CWE-787 with a local CVSS 7.8 score. No exploit code, weaponized reproduction, or unsupported impact claims are included.

Official resources

Publicly disclosed in the supplied CVE record on 2026-05-11 and modified on 2026-05-17. The enrichment does not mark it as a Known Exploited Vulnerability.