CVE-2026-43035
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability in the Linux kernel leaks kernel heap memory to userspace via the tc_chain_fill_node() function, which fails to initialize the tcm_info field of the tcmsg structure before sending netlink messages, exposing 4 bytes of uninitialized memory.
Risk Assessment
A local attacker could exploit this flaw to read sensitive kernel memory, potentially leading to privilege escalation or disclosure of confidential system information.
Recommendation
Immediately update the Linux kernel to a version containing the fix that zero-initializes the tcm_info field. Monitor security advisories from your Linux distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized.

