CVE-2026-43035

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized.

CVSS v3.1 Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-908 CWE-908

Affected Products

Vendor	Product	Versions
linux	linux_kernel	4.19 — 5.10.253
linux	linux_kernel	5.11 — 5.15.203
linux	linux_kernel	5.16 — 6.1.168
linux	linux_kernel	6.2 — 6.6.134
linux	linux_kernel	6.7 — 6.12.81
linux	linux_kernel	6.13 — 6.18.22
linux	linux_kernel	6.19 — 6.19.12
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/1091b3c174441a52fdbb92e2fe00338f9371a91c https://git.kernel.org/stable/c/4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3 https://git.kernel.org/stable/c/71a3eda7e850ae844cb8993065f4e410c11a46ce https://git.kernel.org/stable/c/903c3405cfcc7700260e456ab66a5867586c9e69 https://git.kernel.org/stable/c/906997ea3766c24fbbf9cc4bf17c047315bbd138 https://git.kernel.org/stable/c/d6db08484c6cb3d4ad696246f9d288eceba2a078 https://git.kernel.org/stable/c/e35f5195cd44ff4053fbc5d71ea97681728a0099 https://git.kernel.org/stable/c/e6e3eb5ee89ac4c163d46429391c889a1bb5e404

Frequently Asked Questions

What is CVE-2026-43035? +

In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized. It has a CVSS v3.1 base score of 5.5 (MEDIUM).

How severe is CVE-2026-43035? +

CVE-2026-43035 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-43035? +

CVE-2026-43035 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-43035? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2329

In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and …

CVE-2025-48513

Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel …

CVE-2025-1942 9.8

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result …

CVE-2024-32611 9.8

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

CVE-2025-50165 9.8

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVE-2024-47540 9.8

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the …