Lucene search
K

CVE-2026-43500

🗓️ 11 May 2026 06:26:45Reported by LinuxType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 40 Media mentions👁 183 Views🌐 WEB

CVE-2026-43500: rxrpc unshares DATA/RESPONSE packets when paged fragments are externally shared.

Related
Detection
Affected
Refs
Paths
Social
NVD
Vulners
CNA
Node
linuxlinux_kernelRange5.36.18.29
OR
linuxlinux_kernelRange6.197.0.6
OROROROROR
[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/rxrpc/call_event.c",
      "net/rxrpc/conn_event.c"
    ],
    "versions": [
      {
        "version": "d0d5c0cd1e711c98703f3544c1e6fc1372898de5",
        "lessThan": "7c504ffab3efce8f7e4f463b314ae31030bdf18b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d0d5c0cd1e711c98703f3544c1e6fc1372898de5",
        "lessThan": "3711382a77342a9a1c3d2e7330dcfc7ea927f568",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d0d5c0cd1e711c98703f3544c1e6fc1372898de5",
        "lessThan": "3eae0f4f9f7206a4801efa5e0235c25bbd5a412c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d0d5c0cd1e711c98703f3544c1e6fc1372898de5",
        "lessThan": "d45179f8795222ce858770dc619abe51f9d24411",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d0d5c0cd1e711c98703f3544c1e6fc1372898de5",
        "lessThan": "aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/rxrpc/call_event.c",
      "net/rxrpc/conn_event.c"
    ],
    "versions": [
      {
        "version": "5.3",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.3",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.140",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.88",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18.29",
        "lessThanOrEqual": "6.18.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "7.0.6",
        "lessThanOrEqual": "7.0.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "7.1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
UIDpath/usr/bin/suDirty Frag/xfrm-ESP path writes and RxRPC path writes can overwrite in-page cache content of /usr/bin/su via splice/vmsplice decryption, enabling root exploit.CWE-123CWE-787
shellcode_offsetpath/usr/bin/suDirty Frag/xfrm-ESP path writes and RxRPC path writes can overwrite in-page cache content of /usr/bin/su via splice/vmsplice decryption, enabling root exploit.CWE-123CWE-787
patch_markerpath/usr/bin/suDirty Frag/xfrm-ESP path writes and RxRPC path writes can overwrite in-page cache content of /usr/bin/su via splice/vmsplice decryption, enabling root exploit.CWE-123CWE-787
UID_fieldpath/etc/passwdDirty Frag RxRPC path writes can modify in-page cache data of /etc/passwd, enabling privilege escalation by altering UID mappings.CWE-123CWE-787
password_fieldpath/etc/passwdDirty Frag RxRPC path writes can modify in-page cache data of /etc/passwd, enabling privilege escalation by altering UID mappings.CWE-123CWE-787
entry_fieldspath/etc/passwdDirty Frag RxRPC path writes can modify in-page cache data of /etc/passwd, enabling privilege escalation by altering UID mappings.CWE-123CWE-787

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation