Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Padding Vulnerability in xfrm_user Component Allows Information Leak

Vulnerability

A vulnerability in the Linux kernel's xfrm_user component has been addressed. The issue stemmed from a one-byte padding gap in the xfrm_usersa_id structure, specifically after the protocol field. This gap was not properly initialized before the data was copied to userspace, leading to an unintentional information leak. The vulnerability has been fixed by ensuring the entire structure is zeroed out before individual variables are set. This issue affects the Linux kernel stable tree.

Impact

The vulnerability could lead to an information leak, allowing uninitialized data to be exposed to userspace.

Reproduction

The vulnerability can be reproduced by using the xfrm_user component in the Linux kernel. The uninitialized padding in the xfrm_usersa_id structure will cause an information leak when the data is copied to userspace.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.

Added: May 6, 2026, 10:53 AM
Updated: May 6, 2026, 10:53 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
7.6
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.