CVE

DEBIAN-CVE-2026-43011

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and return...

Back to all

CVE

DEBIAN-CVE-2026-43011

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When allocskb fails in x25queuerxframe it calls kfreeskb(skb) at line 48 and returns 1 (error). This error propagates back through the call chain: x25queuerxframe returns 1 | v x25state3machine receives the return value 1 and takes the else branch at line 278, setting queued=0 and returning 0 | v x25processrxframe returns queued=0 | v x25backlogrcv at line 452 sees queued=0 and calls kfreeskb(skb) again This would free the same skb twice. Looking at x25backlogrcv: net/x25/x25in.c:x25backlogrcv() { ... queued = x25processrxframe(sk, skb); ... if (!queued) kfree_skb(skb); }

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2026-43011

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

6.1.170-1,6.12.85-1,6.19.12-1,6.1.170-1~deb11u1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

DEBIAN-CVE-2026-43011

DEBIAN-CVE-2026-43011

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly