Volerion logoVolerion
Volerion logoVolerion

Linux Kernel PF_KEY Export Aligned Socket Address Tail Vulnerability

Vulnerability

A vulnerability in the Linux kernel's PF_KEY export paths can lead to an uninitialized socket address issue for IPv6. While PF_KEY reserves 32 bytes for IPv6 addresses, the function that fills this data only initializes the first 28 bytes, leaving the last 4 bytes uninitialized. This vulnerability affects specific PF_KEY export messages, but not all. The issue has been addressed by modifying the export paths to properly clear the uninitialized bytes.

Impact

Exploitation of this vulnerability could result in the transmission of uninitialized data over the network, potentially leading to undefined behavior or information disclosure.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 6, 2026, 10:53 AM
Updated: May 6, 2026, 10:53 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.0
remediation
7.7
relevance
7.6
threat
3.2
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.