CVE-2026-43090

CVE-2026-43090 concerns a Linux kernel memory-leak in the XFRM subsystem. The root cause is a double call to xfrm_pol_hold_rcu() inside xfrm_migrate_policy_find(), even though the lookup function already returns a policy with a held reference. This leads to a refcount imbalance and memory leak of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002685)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002685 advisory. net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003221)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003221 advisory. net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX ...

kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message

The xfrmmigrate function in the net/xfrm/xfrmpolicy.c file in the Linux kernel built with CONFIGXFRMMIGRATE does not verify if the dir parameter is less than XFRMPOLICYMAX. This allows a local attacker to cause a denial of service out-of-bounds access or possibly have unspecified other impact by...

kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message

The xfrmmigrate function in the net/xfrm/xfrmpolicy.c file in the Linux kernel built with CONFIGXFRMMIGRATE does not verify if the dir parameter is less than XFRMPOLICYMAX. This allows a local attacker to cause a denial of service out-of-bounds access or possibly have unspecified other impact by...

UBUNTU-CVE-2017-11600

net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users to cause a denial of service out-of-bounds access or possibly have unspecified other impact via an...

PT-2017-12130 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.12.3 Description: The issue is related to the net/xfrm/xfrm policy.c file in the Linux kernel. It does not properly validate the dir value of xfrm userpolicy id when CONFIG XFRM MIGRATE is enabled. This can be...

xfrm Out-Of-Bounds Read Vulnerability

When dealing with XFRMMSGMIGRATE message, xfrmmigrate func does not check dir value of xfrmuserpolicyid. This will cause out of bound access to net-xfrm.policybydst in policyhashdirect func and others when dir value exceeds XFRMPOLICYMAX. Linux kernel versions 4.12 and below are affected. Issue...