目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2026-43050— Linux kernel 安全漏洞

AI 预测 7.8 利用难度: 困难 EPSS 0.12% · P2

影响版本矩阵 18

厂商产品版本范围状态
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 3e8b25f32f2f35549d03d77da030a24a45bdef5baffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 750a33f417f3d196b86375f8d9f8938bacf130feaffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 317843d5355062020649124eb4a0d7acbcc3f53eaffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< b256d055da47258e63f8b40965f276c5f23d229aaffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 3989740fa4978e1d2d51ecc62be1b01093e104adaffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< abc10f85a3965ac14b9ed7ad3e67b35604a63aa3affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 5fbbb1ff936d7ff9528d929c1549977e8123d8a8affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 922814879542c2e397b0e9641fd36b8202a8e555affected
… +10 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2026-43050 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
atm: lec: fix use-after-free in sock_def_readable()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sock_def_readable() A race condition exists between lec_atm_close() setting priv->lecd to NULL and concurrent access to priv->lecd in send_to_lecd(), lec_handle_bridge(), and lec_atm_send(). When the socket is freed via RCU while another thread is still using it, a use-after-free occurs in sock_def_readable() when accessing the socket's wait queue. The root cause is that lec_atm_close() clears priv->lecd without any synchronization, while callers dereference priv->lecd without any protection against concurrent teardown. Fix this by converting priv->lecd to an RCU-protected pointer: - Mark priv->lecd as __rcu in lec.h - Use rcu_assign_pointer() in lec_atm_close() and lecd_attach() for safe pointer assignment - Use rcu_access_pointer() for NULL checks that do not dereference the pointer in lec_start_xmit(), lec_push(), send_to_lecd() and lecd_attach() - Use rcu_read_lock/rcu_dereference/rcu_read_unlock in send_to_lecd(), lec_handle_bridge() and lec_atm_send() to safely access lecd - Use rcu_assign_pointer() followed by synchronize_rcu() in lec_atm_close() to ensure all readers have completed before proceeding. This is safe since lec_atm_close() is called from vcc_release() which holds lock_sock(), a sleeping lock. - Remove the manual sk_receive_queue drain from lec_atm_close() since vcc_destroy_socket() already drains it after lec_atm_close() returns. v2: Switch from spinlock + sock_hold/put approach to RCU to properly fix the race. The v1 spinlock approach had two issues pointed out by Eric Dumazet: 1. priv->lecd was still accessed directly after releasing the lock instead of using a local copy. 2. The spinlock did not prevent packets being queued after lec_atm_close() drains sk_receive_queue since timer and workqueue paths bypass netif_stop_queue(). Note: Syzbot patch testing was attempted but the test VM terminated unexpectedly with "Connection to localhost closed by remote host", likely due to a QEMU AHCI emulation issue unrelated to this fix. Compile testing with "make W=1 net/atm/lec.o" passes cleanly.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于atm lec驱动中lec_atm_close函数未同步清除priv->lecd指针,导致并发访问时在sock_def_readable中发生释放后重用。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ~ 3e8b25f32f2f35549d03d77da030a24a45bdef5b -
LinuxLinux 2.6.12 -

二、漏洞 CVE-2026-43050 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2026-43050 的情报信息

登录查看更多情报信息。

CVE-2026-43050 补丁与修复 (8)

同批安全公告 · Linux · 2026-05-01 · 共 146 条

CVE-2026-430119.8 CRITICALLinux kernel 安全漏洞
CVE-2026-317059.8 CRITICALLinux kernel 安全漏洞
CVE-2026-430379.8 CRITICALLinux kernel 缓冲区错误漏洞
CVE-2026-430389.8 CRITICALLinux kernel 安全漏洞
CVE-2026-430399.8 CRITICALLinux kernel 安全漏洞
CVE-2026-317189.8 CRITICALLinux kernel 安全漏洞
CVE-2026-317358.8 HIGHLinux kernel 安全漏洞
CVE-2026-430188.8 HIGHLinux kernel 安全漏洞
CVE-2026-317738.8 HIGHLinux kernel 安全漏洞
CVE-2026-317398.8 HIGHLinux kernel 安全漏洞
CVE-2026-317178.8 HIGHLinux kernel 安全漏洞
CVE-2026-317098.8 HIGHLinux kernel 安全漏洞
CVE-2026-430488.8 HIGHLinux kernel 安全漏洞
CVE-2026-317068.8 HIGHLinux kernel 安全漏洞
CVE-2026-317128.3 HIGHLinux kernel 安全漏洞
CVE-2026-317088.1 HIGHLinux kernel 安全漏洞
CVE-2026-317798.1 HIGHLinux kernel 安全漏洞
CVE-2026-430518.1 HIGHLinux kernel 安全漏洞
CVE-2026-317718.1 HIGHLinux kernel 安全漏洞
CVE-2026-317727.8 HIGHLinux kernel 安全漏洞

显示前 20 条,共 146 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-43050

暂无评论


发表评论