CVE-2026-43042

Source
https://cve.org/CVERecord?id=CVE-2026-43042
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43042.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43042
Downstream
Related
Published
2026-05-01T14:15:38.882Z
Modified
2026-07-08T08:02:14.462963568Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
mpls: add seqcount to protect the platform_label{,s} pair
Details

In the Linux kernel, the following vulnerability has been resolved:

mpls: add seqcount to protect the platform_label{,s} pair

The RCU-protected codepaths (mplsforward, mplsdumproutes) can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize (resizeplatformlabeltable, under platform_mutex). This can lead to OOB accesses.

This patch adds a seqcount, so that we get a consistent snapshot.

Note that mplslabelok is also susceptible to this, so the check against RTADST in rtmtorouteconfig, done outside platformmutex, is not sufficient. This value gets passed to mplslabelok once more in both mplsrouteadd and mplsroute_del, so there is no issue, but that additional check must not be removed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43042.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7720c01f3f590116882e251f13c7e1d5602f8643
Fixed
5bb3caf0bbfb56f1a00d2af072ac3d8395a3b9ef
Fixed
629ec78ef8608d955ce217880cdc3e1873af3a15

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43042.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43042.json"