CVE-2026-43040

Public on 2026-05-01

Modified on 2026-05-02

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak

Severity

Medium

See what this means

CVSS v3 Base Score

5.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2 - Core	kernel			Pending Fix
Amazon Linux 2 - Kernel-5.4 Extra	kernel			Pending Fix
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2026-05-09	ALAS2KERNEL-5.10-2026-118	Fixed
Amazon Linux 2 - Kernel-5.15 Extra	kernel	2026-05-09	ALAS2KERNEL-5.15-2026-102	Fixed
Amazon Linux 2023	kernel	2026-05-09	ALAS2023-2026-1681	Fixed
Amazon Linux 2023	kernel6.12	2026-05-09	ALAS2023-2026-1695	Fixed
Amazon Linux 2023	kernel6.18			Pending Fix

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD	CVSSv3	7.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-43040 Mitre: CVE-2026-43040