In the Linux kernel, the following vulnerability has been resolved:
net: sched: clsapi: fix tcchainfillnode to initialize tcm_info to zero to prevent an info-leak
When building netlink messages, tcchainfillnode() never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field.
The fix simply zeroes tcm_info alongside the other fields that are already initialized.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43035.json"
}