CVE-2026-43184 - Vulnerability Details

- rnbd-srv: Zero the rsp buffer before using it

Description

In the Linux kernel, the following vulnerability has been resolved:

rnbd-srv: Zero the rsp buffer before using it

Before using the data buffer to send back the response message, zero it
completely. This prevents any stray bytes to be picked up by the client
side when there the message is exchanged between different protocol
versions.

Published: 2026-05-06

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The rnbd server in the Linux kernel reuses the response buffer without clearing it before sending data back to the client. As a result, leftover data from previous protocol exchanges can be returned to the client when legacy protocol versions are used. This can reveal sensitive information that should not be exposed, leading to a disclosure of confidential data.

Affected Systems

The flaw exists in the rnbd server component of the Linux kernel. All kernel releases that have not yet incorporated the patch that zeroes the response buffer are vulnerable. Since the affected product is the generic Linux kernel, any system running an unpatched kernel version with the rnbd service enabled is at risk.

Risk and Exploitability

The EPSS score for this vulnerability is < 1% and it is not listed in the CISA KEV catalog, indicating no known public exploitation. The CVSS score is 7.5, indicating a moderate to high severity. The likely attack vector is inferred to require triggering the rnbd service from within the kernel, typically through local or privileged access, or by a remote attacker who has already achieved kernel execution. Because the vulnerability can only be exploited when the rnbd service processes a request, it is considered a local or privilege-based threat with a moderate likelihood of exploitation pending additional context.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< e4272754063d52c9ad0169865add8816ba696471
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< e2cacec7d4291300a282feb3af8eba57b93b15aa
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< b646e54d23b9b592d612a2036aab14e0f6c14206
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< 30868a6a5238849d554295aff3ce61d242d7fad8
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< 7aac0a30dcf41cdb510526740d9a2ab1520c5d98
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< 852475278ca5e96e0c0275950e1a84203e602b33
`2de6c8de192b9341ffa5e84afe1ce6196d4eef41`	affected	< 69d26698e4fd44935510553809007151b2fe4db5

Linux

affected

Version	Status	Constraints
`5.8`	affected	—
`0`	unaffected	< 5.8
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e4272754063d52c9ad0169865add8816ba696471)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e2cacec7d4291300a282feb3af8eba57b93b15aa)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b646e54d23b9b592d612a2036aab14e0f6c14206)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,30868a6a5238849d554295aff3ce61d242d7fad8)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7aac0a30dcf41cdb510526740d9a2ab1520c5d98)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,852475278ca5e96e0c0275950e1a84203e602b33)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,69d26698e4fd44935510553809007151b2fe4db5)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the Linux kernel patch that zeros the response buffer before use.
If upgrading the kernel is not immediately feasible, disable or restrict access to the rnbd service so no client can invoke it.
For environments that must remain on older kernels, back‑port the zero‑buffer change from the upstream commit and apply it as a local patch.

Generated by OpenCVE AI on May 11, 2026 at 23:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8
https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5
https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98
https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33
https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206
https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2
https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa
https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471
https://lore.kernel.org/linux-cve-announce/2026050640-CVE-2026-43184-17d4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43184
https://www.cve.org/CVERecord?id=CVE-2026-43184

History

Mon, 11 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Fri, 08 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Thu, 07 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-908
References		https://lore.kernel.org/linux-cve-announce/2026050640-CVE-2026-43184-17d4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43184 https://www.cve.org/CVERecord?id=CVE-2026-43184

Wed, 06 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchanged between different protocol versions.
Title		rnbd-srv: Zero the rsp buffer before using it
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8 https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5 https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98 https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33 https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206 https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2 https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:55.672Z

Updated: 2026-05-11T22:19:28.375Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43184

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:37.053

Modified: 2026-05-11T20:56:19.280

Link: CVE-2026-43184

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43184 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T23:15:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object