kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

Linux Distros Unpatched Vulnerability : CVE-2026-43037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 recei...

CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

PT-2026-36454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ip4ip6 err function where it calls icmp send using a cloned socket buffer skb containing cb data written as struct inet6 skb parm. The icmp send function passes...