Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-43481— net-shapers: don't free reply skb after genlmsg_reply()

AI Predicted 5.5 Difficulty: Moderate EPSS 0.02% · P4

Affected Version Matrix 8

VendorProductVersion RangeStatus
LinuxLinux4b623f9f0f59652ea71fcb27d60b4c3b65126dbb< 8738dcc844fff7d0157ee775230e95df3b1884d7affected
4b623f9f0f59652ea71fcb27d60b4c3b65126dbb< 83f7b54242d0abbfce35a55c01322f50962ed3eeaffected
4b623f9f0f59652ea71fcb27d60b4c3b65126dbb< 57885276cc16a2e2b76282c808a4e84cbecb3aaeaffected
6.13affected
< 6.13unaffected
6.18.19≤ 6.18.*unaffected
6.19.9≤ 6.19.*unaffected
7.0≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43481

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net-shapers: don't free reply skb after genlmsg_reply()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于net_shaper_nl_get_doit和net_shaper_nl_cap_get_doit函数在genlmsg_reply失败后错误地调用nlmsg_free,可能导致双重释放回复skb。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb ~ 8738dcc844fff7d0157ee775230e95df3b1884d7 -
LinuxLinux 6.13 -

II. Public POCs for CVE-2026-43481

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43481

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-05-13 · 14 CVEs total

CVE-2026-43489liveupdate: luo_file: remember retrieve() status
CVE-2026-43487ata: libata-core: Disable LPM on ST1000DM010-2EP102
CVE-2026-43488usb: xhci: Prevent interrupt storm on host controller error (HCE)
CVE-2026-43485nouveau/gsp: drop WARN_ON in ACPI probes
CVE-2026-43486arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults
CVE-2026-43484mmc: core: Avoid bitfield RMW for claim/retune flags
CVE-2026-43482sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
CVE-2026-43483KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
CVE-2026-43480ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
CVE-2026-43479net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
CVE-2026-43477drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL
CVE-2026-43478ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put
CVE-2026-43476iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-43481

No comments yet

Leave a comment