Description
In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame

The current headroom validation in xdp_umem_reg() could leave us with
insufficient space dedicated to even receive minimum-sized ethernet
frame. Furthermore if multi-buffer would come to play then
skb_shared_info stored at the end of XSK frame would be corrupted.

HW typically works with 128-aligned sizes so let us provide this value
as bare minimum.

Multi-buffer setting is known later in the configuration process so
besides accounting for 128 bytes, let us also take care of tailroom space
upfront.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the UMEM headroom validation performed during XDP UMEM registration. The kernel fails to reserve adequate space for even the smallest Ethernet frame, and does not consider the 128‑byte tailroom required by hardware alignment. This oversight means the tail of an XDP frame can overwrite the skb_shared_info structure that follows the data, potentially corrupting kernel memory. The issue involves an incorrect buffer size calculation (CWE-131). Such corruption could trigger a crash or lead to denial of service.

Affected Systems

All Linux kernel builds where the XDP UMEM interface is enabled are affected, as the vulnerability is present in the generic xdp_umem_reg implementation. No specific kernel version range is listed, so any version requiring this registration path may be compromised until patched.

Risk and Exploitability

The CVSS score of 7.8 indicates a high potential impact. The EPSS score of <1% suggests a low probability of exploitation at the current time. The vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploits. Based on the description, it is inferred that the flaw could allow an attacker who can inject malicious packets into the network stack to trigger memory corruption in the kernel through XDP processing on a system with misconfigured UMEM spaces. The likelihood of successful exploitation depends on the attacker’s ability to influence this specific XDP path, a conclusion drawn from the input.

Generated by OpenCVE AI on May 19, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the UMEM headroom validation fix as referenced in the CVE patches.
  • Ensure that all XDP UMEM registrations reserve at least the minimum headroom plus 128 bytes of tailroom before packet processing.
  • Monitor kernel logs for sudden crashes or Oops that may indicate buffer corruption after applying changes.

Generated by OpenCVE AI on May 19, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:5.7:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.7:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-785

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-785

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore if multi-buffer would come to play then skb_shared_info stored at the end of XSK frame would be corrupted. HW typically works with 128-aligned sizes so let us provide this value as bare minimum. Multi-buffer setting is known later in the configuration process so besides accounting for 128 bytes, let us also take care of tailroom space upfront.
Title xsk: tighten UMEM headroom validation to account for tailroom and min frame
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:15.235Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43093

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:22.667

Modified: 2026-05-19T20:40:28.657

Link: CVE-2026-43093

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43093 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T21:30:14Z

Weaknesses