CVE-2026-43083
In the Linux kernel, the following vulnerability has been resolved:

net: ioam6: fix OOB and missing lock

When trace->type.bit6 is set:

    if (trace->type.bit6) {
        ...
        queue = skb_get_tx_queue(dev, skb);
        qdisc = rcu_dereference(queue->qdisc);

This code can lead to an out-of-bounds access of the dev->_tx[] array when is_input is true. In such a case, the packet is on the RX path and skb->queue_mapping contains the RX queue index of the ingress device. If the ingress device has more RX queues than the egress device (dev) has TX queues, skb_get_queue_mapping(skb) will exceed dev->num_tx_queues. Add a check to avoid this situation since skb_get_tx_queue() does not clamp the index. This issue has also revealed that per queue visibility cannot be accurate and will be replaced later as a new feature.

While at it, add missing lock around qdisc_qstats_qlen_backlog(). The function __ioam6_fill_trace_data() is called from both softirq and process contexts, hence the use of spin_lock_bh() here.
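
The index check described above, as a user-space model added here for illustration; it is not the kernel patch or code from the advisory. The struct names, the DEPTH_UNAVAILABLE sentinel and the sample queue counts are assumptions, and the locking half of the fix is not modelled.

```c
/* User-space model of the bounds check (added example, not kernel code).
 * All names are hypothetical stand-ins for the structures in the advisory. */
#include <stdint.h>
#include <stdio.h>

#define DEPTH_UNAVAILABLE UINT32_MAX   /* assumed "no data" sentinel */

struct model_txq { uint32_t backlog; };

struct model_dev {
    unsigned int num_tx_queues;        /* number of entries in tx[] */
    struct model_txq *tx;              /* stands in for dev->_tx[] */
};

/* Pre-fix pattern: the lookup trusts queue_mapping and does not clamp it,
 * so any index >= num_tx_queues reads past the end of tx[]. */
static uint32_t queue_depth_unchecked(const struct model_dev *dev,
                                      uint16_t queue_mapping)
{
    return dev->tx[queue_mapping].backlog;
}

/* Post-fix pattern: validate the index against the egress device's TX
 * queue count before using it; report "unavailable" otherwise. */
static uint32_t queue_depth_checked(const struct model_dev *dev,
                                    uint16_t queue_mapping)
{
    if (queue_mapping >= dev->num_tx_queues)
        return DEPTH_UNAVAILABLE;
    return dev->tx[queue_mapping].backlog;
}

int main(void)
{
    /* Constructed sample: the egress device has 2 TX queues, while the
     * packet carries RX queue index 5 from an 8-queue ingress device. */
    struct model_txq txq[2] = { { 100 }, { 250 } };
    struct model_dev egress = { 2, txq };
    uint16_t rx_queue_mapping = 5;

    /* The unchecked lookup is only safe while the index is in range. */
    printf("unchecked, index 0: %u\n",
           (unsigned)queue_depth_unchecked(&egress, 0));
    printf("checked, index 1:   %u\n",
           (unsigned)queue_depth_checked(&egress, 1));
    printf("checked, RX index:  %u (unavailable)\n",
           (unsigned)queue_depth_checked(&egress, rx_queue_mapping));
    return 0;
}
```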



References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43083
