CVE-2026-43481: Kernel Memory Corruption in Linux Kernel
Platform
linux
Component
linux
Fixed in
57885276cc16a2e2b76282c808a4e84cbecb3aae
CVE-2026-43481 is a memory corruption vulnerability discovered and resolved in the Linux Kernel. This issue stems from a double-free condition within the netshapers subsystem, specifically within the netshapernlgetdoit() and netshapernlcapgetdoit() functions. Exploitation can lead to a denial-of-service (DoS) condition. The vulnerability affects Linux Kernel versions up to and including 57885276cc16a2e2b76282c808a4e84cbecb3aae, with a fix available in the same version.
Impact and Attack Scenarios
The vulnerability allows for a double-free condition, where the same memory buffer is freed twice. This can lead to a crash of the net_shapers subsystem, potentially causing a denial-of-service (DoS) for the affected system. An attacker could trigger this by sending specially crafted network shaping requests. While the immediate impact is a DoS, a successful exploitation could potentially be chained with other vulnerabilities to achieve more severe consequences, such as arbitrary code execution, although this is not directly demonstrated in the vulnerability description. The blast radius is limited to the system running the vulnerable kernel.
Exploitation Context
The vulnerability was published on 2026-05-13. There is no indication of this vulnerability being listed on KEV or having an EPSS score. No public proof-of-concept (PoC) code is currently known. Given the nature of the vulnerability (memory corruption leading to DoS), it is plausible that it could be exploited in the future, especially if a PoC is released.
Affected Software
Timeline
- Reserved
- Published
Mitigation and Workarounds
The primary mitigation is to upgrade the Linux Kernel to version 57885276cc16a2e2b76282c808a4e84cbecb3aae or later. If an immediate upgrade is not possible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While no specific WAF or proxy rules are directly applicable, ensuring robust network input validation can help prevent the transmission of malicious network shaping requests. Monitor system logs for any unusual kernel errors or crashes related to the net_shapers subsystem. After upgrading, confirm the fix by sending a series of network shaping requests and verifying that no crashes or errors occur.
How to fix
Aplique la actualización del kernel a la versión corregida (6.13 o superior) para evitar la liberación prematura de memoria SKB. Consulte las notas de la versión del kernel para obtener instrucciones específicas de actualización para su distribución de Linux.
Frequently asked questions
What is CVE-2026-43481 — Kernel Memory Corruption in Linux Kernel?
CVE-2026-43481 is a vulnerability in the Linux Kernel that can lead to a denial-of-service (DoS) due to a double-free condition in the net_shapers subsystem. It affects kernel versions up to 57885276cc16a2e2b76282c808a4e84cbecb3aae.
Am I affected by CVE-2026-43481 in Linux Kernel?
You are affected if your system is running a Linux Kernel version prior to 57885276cc16a2e2b76282c808a4e84cbecb3aae. Check your kernel version using 'uname -r'.
How do I fix CVE-2026-43481 in Linux Kernel?
Upgrade your Linux Kernel to version 57885276cc16a2e2b76282c808a4e84cbecb3aae or later. If immediate upgrade is not possible, monitor system logs for related errors.
Is CVE-2026-43481 being actively exploited?
Currently, there is no public evidence of active exploitation of CVE-2026-43481. However, the vulnerability's nature makes it a potential target for future exploitation.
Where can I find the official Linux advisory for CVE-2026-43481?
Refer to the Linux Kernel security announcements and mailing lists for the official advisory related to CVE-2026-43481. Check kernel.org for updates.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Try it now — no account
Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.
Drag & drop your dependency file
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...