CVE-2026-43184 - Vulnerability Details

- rnbd-srv: Zero the rsp buffer before using it

Description

In the Linux kernel, the following vulnerability has been resolved:

rnbd-srv: Zero the rsp buffer before using it

Before using the data buffer to send back the response message, zero it
completely. This prevents any stray bytes to be picked up by the client
side when there the message is exchanged between different protocol
versions.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability occurs in the Linux kernel rnbd server when the response buffer is used without zeroing it, allowing stale data from previous protocol exchanges to leak to a client. The result is that a client can read data that it should not have access to, thereby exposing confidential information. No integrity or availability impact is described in the available information.

Affected Systems

All Linux kernels that run the rnbd server are potentially affected; the exact versions are not listed, so any kernel containing the unpatched rnbd_s code should be considered at risk until the patch is applied.

Risk and Exploitability

There is no EPSS score or CVSS value provided, and the vulnerability is not listed in CISA KEV. Because the bug involves a memory leak within kernel space, the most likely attack vector is a local attacker with kernel privileges or a victim of a kernel exploitation that can read the leaked buffer. The lack of detailed metrics suggests a moderate risk, but any exploitation would compromise confidentiality.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< e4272754063d52c9ad0169865add8816ba696471
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< e2cacec7d4291300a282feb3af8eba57b93b15aa
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b646e54d23b9b592d612a2036aab14e0f6c14206
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 30868a6a5238849d554295aff3ce61d242d7fad8
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 7aac0a30dcf41cdb510526740d9a2ab1520c5d98
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 852475278ca5e96e0c0275950e1a84203e602b33
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 69d26698e4fd44935510553809007151b2fe4db5

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e4272754063d52c9ad0169865add8816ba696471)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e2cacec7d4291300a282feb3af8eba57b93b15aa)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b646e54d23b9b592d612a2036aab14e0f6c14206)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,30868a6a5238849d554295aff3ce61d242d7fad8)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7aac0a30dcf41cdb510526740d9a2ab1520c5d98)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,852475278ca5e96e0c0275950e1a84203e602b33)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,69d26698e4fd44935510553809007151b2fe4db5)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to the latest stable release that includes the patch for rnbd-srv zeroing the rsp buffer
If a quick kernel upgrade is not possible, restrict or disable the rnbd service on the host to eliminate the exposure
After applying the patch, verify that the rsp buffer is correctly zeroed by inspecting the source or providing a local test that asserts no stale data is returned

Generated by OpenCVE AI on May 6, 2026 at 14:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8
https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5
https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98
https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33
https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206
https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2
https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa
https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471

History

Wed, 06 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchanged between different protocol versions.
Title		rnbd-srv: Zero the rsp buffer before using it
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8 https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5 https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98 https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33 https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206 https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2 https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:55.672Z

Updated: 2026-05-06T11:27:55.672Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43184

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:37.053

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43184

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T16:15:06Z

Weaknesses

CWE-200

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object