CVE-2026-43080 (GCVE-0-2026-43080)

Vulnerability from cvelistv5 – Published: 2026-05-06 07:40 – Updated: 2026-05-06 07:40
VLAI?
Title
l2tp: Drop large packets with UDP encap
Summary
In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series [1]. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow check that exposed the issue, that's why syzbot tripped on my patches, rather than on upstream code. syzbot's repro: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xfffffffc}, 0x1c) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e22, 0xffff, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x32) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="ee", 0x34000}], 0x1) It basically sends an oversized (0x34000 bytes) PPPoL2TP packet with UDP encapsulation, and l2tp_xmit_core doesn't check for overflows when it assigns the UDP length field. The value gets trimmed to 16 bites. Add an overflow check that drops oversized packets and avoids sending packets with trimmed UDP length to the wire. syzbot's stack trace (with my patch applied): len >= 65536u WARNING: ./include/linux/udp.h:38 at udp_set_len_short include/linux/udp.h:38 [inline], CPU#1: syz.0.17/5957 WARNING: ./include/linux/udp.h:38 at l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline], CPU#1: syz.0.17/5957 WARNING: ./include/linux/udp.h:38 at l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327, CPU#1: syz.0.17/5957 Modules linked in: CPU: 1 UID: 0 PID: 5957 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:udp_set_len_short include/linux/udp.h:38 [inline] RIP: 0010:l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline] RIP: 0010:l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327 Code: 0f 0b 90 e9 21 f9 ff ff e8 e9 05 ec f6 90 0f 0b 90 e9 8d f9 ff ff e8 db 05 ec f6 90 0f 0b 90 e9 cc f9 ff ff e8 cd 05 ec f6 90 <0f> 0b 90 e9 de fa ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 4f RSP: 0018:ffffc90003d67878 EFLAGS: 00010293 RAX: ffffffff8ad985e3 RBX: ffff8881a6400090 RCX: ffff8881697f0000 RDX: 0000000000000000 RSI: 0000000000034010 RDI: 000000000000ffff RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff520007acf00 R12: ffff8881baf20900 R13: 0000000000034010 R14: ffff8881a640008e R15: ffff8881760f7000 FS: 000055557e81f500(0000) GS:ffff8882a9467000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000033000 CR3: 00000001612f4000 CR4: 00000000000006f0 Call Trace: <TASK> pppol2tp_sendmsg+0x40a/0x5f0 net/l2tp/l2tp_ppp.c:302 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] sock_write_iter+0x503/0x550 net/socket.c:1195 do_iter_readv_writev+0x619/0x8c0 fs/read_write.c:-1 vfs_writev+0x33c/0x990 fs/read_write.c:1059 do_writev+0x154/0x2e0 fs/read_write.c:1105 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f636479c629 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffffd4241c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007f6364a15fa0 RCX: 00007f636479c629 RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 RBP: 00007f6364832b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6364a15fac R14: 00007f6364a15fa0 R15: 00007f6364a15fa0 </TASK> [1]: https://lore.kernel.org/all/20260226201600.222044-1-alice.kernel@fastmail.im/
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 3557baabf28088f49bdf72a048fd33ab62e205b1 , < 9ccce02d501335f59a02f26c878c5e095b16302f (git)
Affected: 3557baabf28088f49bdf72a048fd33ab62e205b1 , < 77c1489398c85a844f90205f5e76fd6bc8bb4089 (git)
Affected: 3557baabf28088f49bdf72a048fd33ab62e205b1 , < 86534c97abd6365a9a021fd767a2023e63c44469 (git)
Affected: 3557baabf28088f49bdf72a048fd33ab62e205b1 , < f295fe86e22ff0a2ecebf05e30a387e5cf6f6ddc (git)
Affected: 3557baabf28088f49bdf72a048fd33ab62e205b1 , < ebe560ea5f54134279356703e73b7f867c89db13 (git)
Create a notification for this product.
    Linux Linux Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 6.6.136 , ≤ 6.6.* (semver)
Unaffected: 6.12.83 , ≤ 6.12.* (semver)
Unaffected: 6.18.24 , ≤ 6.18.* (semver)
Unaffected: 6.19.14 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9ccce02d501335f59a02f26c878c5e095b16302f",
              "status": "affected",
              "version": "3557baabf28088f49bdf72a048fd33ab62e205b1",
              "versionType": "git"
            },
            {
              "lessThan": "77c1489398c85a844f90205f5e76fd6bc8bb4089",
              "status": "affected",
              "version": "3557baabf28088f49bdf72a048fd33ab62e205b1",
              "versionType": "git"
            },
            {
              "lessThan": "86534c97abd6365a9a021fd767a2023e63c44469",
              "status": "affected",
              "version": "3557baabf28088f49bdf72a048fd33ab62e205b1",
              "versionType": "git"
            },
            {
              "lessThan": "f295fe86e22ff0a2ecebf05e30a387e5cf6f6ddc",
              "status": "affected",
              "version": "3557baabf28088f49bdf72a048fd33ab62e205b1",
              "versionType": "git"
            },
            {
              "lessThan": "ebe560ea5f54134279356703e73b7f867c89db13",
              "status": "affected",
              "version": "3557baabf28088f49bdf72a048fd33ab62e205b1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/l2tp/l2tp_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.136",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.83",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.24",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.14",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: Drop large packets with UDP encap\n\nsyzbot reported a WARN on my patch series [1]. The actual issue is an\noverflow of 16-bit UDP length field, and it exists in the upstream code.\nMy series added a debug WARN with an overflow check that exposed the\nissue, that\u0027s why syzbot tripped on my patches, rather than on upstream\ncode.\n\nsyzbot\u0027s repro:\n\nr0 = socket$pppl2tp(0x18, 0x1, 0x1)\nr1 = socket$inet6_udp(0xa, 0x2, 0x0)\nconnect$inet6(r1, \u0026(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xfffffffc}, 0x1c)\nconnect$pppl2tp(r0, \u0026(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e22, 0xffff, @ipv4={\u0027\\x00\u0027, \u0027\\xff\\xff\u0027, @empty}}}}, 0x32)\nwritev(r0, \u0026(0x7f0000000080)=[{\u0026(0x7f0000000000)=\"ee\", 0x34000}], 0x1)\n\nIt basically sends an oversized (0x34000 bytes) PPPoL2TP packet with UDP\nencapsulation, and l2tp_xmit_core doesn\u0027t check for overflows when it\nassigns the UDP length field. The value gets trimmed to 16 bites.\n\nAdd an overflow check that drops oversized packets and avoids sending\npackets with trimmed UDP length to the wire.\n\nsyzbot\u0027s stack trace (with my patch applied):\n\nlen \u003e= 65536u\nWARNING: ./include/linux/udp.h:38 at udp_set_len_short include/linux/udp.h:38 [inline], CPU#1: syz.0.17/5957\nWARNING: ./include/linux/udp.h:38 at l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline], CPU#1: syz.0.17/5957\nWARNING: ./include/linux/udp.h:38 at l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327, CPU#1: syz.0.17/5957\nModules linked in:\nCPU: 1 UID: 0 PID: 5957 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:udp_set_len_short include/linux/udp.h:38 [inline]\nRIP: 0010:l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline]\nRIP: 0010:l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327\nCode: 0f 0b 90 e9 21 f9 ff ff e8 e9 05 ec f6 90 0f 0b 90 e9 8d f9 ff ff e8 db 05 ec f6 90 0f 0b 90 e9 cc f9 ff ff e8 cd 05 ec f6 90 \u003c0f\u003e 0b 90 e9 de fa ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 4f\nRSP: 0018:ffffc90003d67878 EFLAGS: 00010293\nRAX: ffffffff8ad985e3 RBX: ffff8881a6400090 RCX: ffff8881697f0000\nRDX: 0000000000000000 RSI: 0000000000034010 RDI: 000000000000ffff\nRBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004\nR10: dffffc0000000000 R11: fffff520007acf00 R12: ffff8881baf20900\nR13: 0000000000034010 R14: ffff8881a640008e R15: ffff8881760f7000\nFS:  000055557e81f500(0000) GS:ffff8882a9467000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000200000033000 CR3: 00000001612f4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n pppol2tp_sendmsg+0x40a/0x5f0 net/l2tp/l2tp_ppp.c:302\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n sock_write_iter+0x503/0x550 net/socket.c:1195\n do_iter_readv_writev+0x619/0x8c0 fs/read_write.c:-1\n vfs_writev+0x33c/0x990 fs/read_write.c:1059\n do_writev+0x154/0x2e0 fs/read_write.c:1105\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f636479c629\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffffd4241c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f6364a15fa0 RCX: 00007f636479c629\nRDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003\nRBP: 00007f6364832b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f6364a15fac R14: 00007f6364a15fa0 R15: 00007f6364a15fa0\n \u003c/TASK\u003e\n\n[1]: https://lore.kernel.org/all/20260226201600.222044-1-alice.kernel@fastmail.im/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T07:40:16.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9ccce02d501335f59a02f26c878c5e095b16302f"
        },
        {
          "url": "https://git.kernel.org/stable/c/77c1489398c85a844f90205f5e76fd6bc8bb4089"
        },
        {
          "url": "https://git.kernel.org/stable/c/86534c97abd6365a9a021fd767a2023e63c44469"
        },
        {
          "url": "https://git.kernel.org/stable/c/f295fe86e22ff0a2ecebf05e30a387e5cf6f6ddc"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebe560ea5f54134279356703e73b7f867c89db13"
        }
      ],
      "title": "l2tp: Drop large packets with UDP encap",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43080",
    "datePublished": "2026-05-06T07:40:16.491Z",
    "dateReserved": "2026-05-01T14:12:55.983Z",
    "dateUpdated": "2026-05-06T07:40:16.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43080",
      "date": "2026-05-08",
      "epss": "0.00018",
      "percentile": "0.04875"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43080\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-06T10:16:21.110\",\"lastModified\":\"2026-05-06T13:08:07.970\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nl2tp: Drop large packets with UDP encap\\n\\nsyzbot reported a WARN on my patch series [1]. The actual issue is an\\noverflow of 16-bit UDP length field, and it exists in the upstream code.\\nMy series added a debug WARN with an overflow check that exposed the\\nissue, that\u0027s why syzbot tripped on my patches, rather than on upstream\\ncode.\\n\\nsyzbot\u0027s repro:\\n\\nr0 = socket$pppl2tp(0x18, 0x1, 0x1)\\nr1 = socket$inet6_udp(0xa, 0x2, 0x0)\\nconnect$inet6(r1, \u0026(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xfffffffc}, 0x1c)\\nconnect$pppl2tp(r0, \u0026(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e22, 0xffff, @ipv4={\u0027\\\\x00\u0027, \u0027\\\\xff\\\\xff\u0027, @empty}}}}, 0x32)\\nwritev(r0, \u0026(0x7f0000000080)=[{\u0026(0x7f0000000000)=\\\"ee\\\", 0x34000}], 0x1)\\n\\nIt basically sends an oversized (0x34000 bytes) PPPoL2TP packet with UDP\\nencapsulation, and l2tp_xmit_core doesn\u0027t check for overflows when it\\nassigns the UDP length field. The value gets trimmed to 16 bites.\\n\\nAdd an overflow check that drops oversized packets and avoids sending\\npackets with trimmed UDP length to the wire.\\n\\nsyzbot\u0027s stack trace (with my patch applied):\\n\\nlen \u003e= 65536u\\nWARNING: ./include/linux/udp.h:38 at udp_set_len_short include/linux/udp.h:38 [inline], CPU#1: syz.0.17/5957\\nWARNING: ./include/linux/udp.h:38 at l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline], CPU#1: syz.0.17/5957\\nWARNING: ./include/linux/udp.h:38 at l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327, CPU#1: syz.0.17/5957\\nModules linked in:\\nCPU: 1 UID: 0 PID: 5957 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\\nRIP: 0010:udp_set_len_short include/linux/udp.h:38 [inline]\\nRIP: 0010:l2tp_xmit_core net/l2tp/l2tp_core.c:1293 [inline]\\nRIP: 0010:l2tp_xmit_skb+0x1204/0x18d0 net/l2tp/l2tp_core.c:1327\\nCode: 0f 0b 90 e9 21 f9 ff ff e8 e9 05 ec f6 90 0f 0b 90 e9 8d f9 ff ff e8 db 05 ec f6 90 0f 0b 90 e9 cc f9 ff ff e8 cd 05 ec f6 90 \u003c0f\u003e 0b 90 e9 de fa ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 4f\\nRSP: 0018:ffffc90003d67878 EFLAGS: 00010293\\nRAX: ffffffff8ad985e3 RBX: ffff8881a6400090 RCX: ffff8881697f0000\\nRDX: 0000000000000000 RSI: 0000000000034010 RDI: 000000000000ffff\\nRBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004\\nR10: dffffc0000000000 R11: fffff520007acf00 R12: ffff8881baf20900\\nR13: 0000000000034010 R14: ffff8881a640008e R15: ffff8881760f7000\\nFS:  000055557e81f500(0000) GS:ffff8882a9467000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 0000200000033000 CR3: 00000001612f4000 CR4: 00000000000006f0\\nCall Trace:\\n \u003cTASK\u003e\\n pppol2tp_sendmsg+0x40a/0x5f0 net/l2tp/l2tp_ppp.c:302\\n sock_sendmsg_nosec net/socket.c:727 [inline]\\n __sock_sendmsg net/socket.c:742 [inline]\\n sock_write_iter+0x503/0x550 net/socket.c:1195\\n do_iter_readv_writev+0x619/0x8c0 fs/read_write.c:-1\\n vfs_writev+0x33c/0x990 fs/read_write.c:1059\\n do_writev+0x154/0x2e0 fs/read_write.c:1105\\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\\n do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7f636479c629\\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007ffffd4241c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\\nRAX: ffffffffffffffda RBX: 00007f6364a15fa0 RCX: 00007f636479c629\\nRDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003\\nRBP: 00007f6364832b39 R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\nR13: 00007f6364a15fac R14: 00007f6364a15fa0 R15: 00007f6364a15fa0\\n \u003c/TASK\u003e\\n\\n[1]: https://lore.kernel.org/all/20260226201600.222044-1-alice.kernel@fastmail.im/\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/77c1489398c85a844f90205f5e76fd6bc8bb4089\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/86534c97abd6365a9a021fd767a2023e63c44469\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9ccce02d501335f59a02f26c878c5e095b16302f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ebe560ea5f54134279356703e73b7f867c89db13\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f295fe86e22ff0a2ecebf05e30a387e5cf6f6ddc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.