2464429 – (CVE-2026-43042) CVE-2026-43042 kernel: mpls: add seqcount to protect the platform_label{,s} pair

Bug 2464429 (CVE-2026-43042) - CVE-2026-43042 kernel: mpls: add seqcount to protect the platform_label{,s} pair

Summary: CVE-2026-43042 kernel: mpls: add seqcount to protect the platform_label{,s} pair

Keywords:
Status:	NEW
Alias:	CVE-2026-43042
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-01 15:06 UTC by OSIDB Bzimport
Modified:	2026-05-01 18:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-01 15:06:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

mpls: add seqcount to protect the platform_label{,s} pair

The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have
an inconsistent view of platform_labels vs platform_label in case of a
concurrent resize (resize_platform_label_table, under
platform_mutex). This can lead to OOB accesses.

This patch adds a seqcount, so that we get a consistent snapshot.

Note that mpls_label_ok is also susceptible to this, so the check
against RTA_DST in rtm_to_route_config, done outside platform_mutex,
is not sufficient. This value gets passed to mpls_label_ok once more
in both mpls_route_add and mpls_route_del, so there is no issue, but
that additional check must not be removed.

Comment 1 Keith Grant 2026-05-01 18:09:02 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050104-CVE-2026-43042-8e66@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.