CVE-2026-43184

HIGH

rnbd-srv: Zero the rsp buffer before using it

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchanged between different protocol versions.

Scores

CVSS v3 7.5
EPSS 0.0044
EPSS Percentile 35.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (34)
linux/Kernel 5.11.0 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 5.8.0 - 5.10.252linux
linux/Kernel 6.13.0 - 6.18.16linux
linux/Kernel 6.19.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 5.8
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 30868a6a5238849d554295aff3ce61d242d7fad8
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 69d26698e4fd44935510553809007151b2fe4db5
... and 24 more
Published May 06, 2026
Tracked Since May 06, 2026