CVE-2026-43125 - Vulnerability Details

- dlm: validate length in dlm_search_rsb_tree

Description

In the Linux kernel, the following vulnerability has been resolved:

dlm: validate length in dlm_search_rsb_tree

The len parameter in dlm_dump_rsb_name() is not validated and comes
from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can
cause out-of-bounds write in dlm_search_rsb_tree().

Add length validation to prevent potential buffer overflow.

Published: 2026-05-06

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel Data Lock Manager module accepts a length value sent in network‑originated messages without validating it against the defined maximum. When the length surpasses DLM_RESNAME_MAXLEN, the kernel performs an out‑of‑bounds write while searching the RSB tree, creating a classic buffer overflow that can corrupt kernel memory. This represents a buffer overrun flaw (CWE‑130) combined with uncontrolled memory access (CWE‑787). Depending on kernel structure, such memory corruption could allow an attacker to execute arbitrary code with kernel privileges. The likely attack vector is remote via the DLM network service, as the vulnerability is triggered by crafted network messages.

Affected Systems

All Linux kernel variants that retain the unpatched DLM implementation are affected. This includes any distribution that ships the default kernel and has not applied the commit introducing length validation. Exact kernel versions are not enumerated, so any kernel built from source containing the vulnerable code before the patch is susceptible.

Risk and Exploitability

Because the vulnerability is remote‑accessible through the DLM network service, an attacker can send a crafted packet containing an oversized length value to trigger the overflow. The CVSS score is 9.8, and EPSS score of < 1% indicates a very low probability of exploitation, despite the high severity. The vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7210cb7a72a22303cdb225bd1aea28697a17bbae`	affected	< 67288113c5e6cf9e659b4065c0ed6f16100e0c71
`7210cb7a72a22303cdb225bd1aea28697a17bbae`	affected	< 082083c9fbd99422a0370fe2102144a231c9f5d6
`7210cb7a72a22303cdb225bd1aea28697a17bbae`	affected	< 5f053a2e7209d326cbbc07738fa6d6893d307438
`7210cb7a72a22303cdb225bd1aea28697a17bbae`	affected	< 080e5563f878c64e697b89e7439d730d0daad882

Linux

affected

Version	Status	Constraints
`3.4`	affected	—
`0`	unaffected	< 3.4
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,67288113c5e6cf9e659b4065c0ed6f16100e0c71)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,082083c9fbd99422a0370fe2102144a231c9f5d6)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,5f053a2e7209d326cbbc07738fa6d6893d307438)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,080e5563f878c64e697b89e7439d730d0daad882)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the kernel update that incorporates the length‑validation commit (080e5563f878c64e697b89e7439d730d0daad882 or equivalent).
Reboot the system so the updated kernel is loaded into memory.
If an update cannot be applied immediately, block or disable all traffic to the DLM network interface until a patched kernel is installed.

Generated by OpenCVE AI on May 8, 2026 at 22:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/080e5563f878c64e697b89e7439d730d0daad882
https://git.kernel.org/stable/c/082083c9fbd99422a0370fe2102144a231c9f5d6
https://git.kernel.org/stable/c/5f053a2e7209d326cbbc07738fa6d6893d307438
https://git.kernel.org/stable/c/67288113c5e6cf9e659b4065c0ed6f16100e0c71
https://lore.kernel.org/linux-cve-announce/2026050619-CVE-2026-43125-c9f9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43125
https://www.cve.org/CVERecord?id=CVE-2026-43125

History

Fri, 08 May 2026 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-119

Fri, 08 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787

Fri, 08 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-130
References		https://lore.kernel.org/linux-cve-announce/2026050619-CVE-2026-43125-c9f9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43125 https://www.cve.org/CVERecord?id=CVE-2026-43125
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 06 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation to prevent potential buffer overflow.
Title		dlm: validate length in dlm_search_rsb_tree
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/080e5563f878c64e697b89e7439d730d0daad882 https://git.kernel.org/stable/c/082083c9fbd99422a0370fe2102144a231c9f5d6 https://git.kernel.org/stable/c/5f053a2e7209d326cbbc07738fa6d6893d307438 https://git.kernel.org/stable/c/67288113c5e6cf9e659b4065c0ed6f16100e0c71

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:10.903Z

Updated: 2026-05-11T22:18:14.426Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43125

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:29.450

Modified: 2026-05-08T17:57:31.783

Link: CVE-2026-43125

Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43125 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T22:15:18Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object