CVE•Published 2026-05-01•Modified 2026-05-08•0 articles on news•5 live references•NVD data

CVE-2026-43036Linux · Linux_kernel

Vulnerability data via NVD (ingested)

CVSS v3.1

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS percentile

Exploit Prediction Scoring System · top 95% of all CVEs

Weaknesses (CWE)

CWE-908Use of Uninitialized Resource

Description

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr() can rely on skb header offsets that are not always safe for direct dereference on packets injected from PF_PACKET paths. Use skb_header_pointer() for the TCPv4 frag_off check so the header read is robust whether data is already linear or needs copying. [1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407

Timeline

Published 2026-05-01

Modified 2026-05-08

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-43036

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · OS

os:"Linux Kernel"

Hosts Shodan identified as running Linux Kernel.

More intel sources (5)

Shodan report

vuln:CVE-2026-43036

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-43036