CVE-2026-3038
- CVSS v3: 7.5 (HIGH)
- EPSS Score: 0.0% (exploit probability)
- CISA KEV: No (known exploited)
- Exploitation: — (SSVC status)
Description
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow. In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack fra
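The missing validation described above, as an added C illustration (not the affected kernel's code or its fix). The types `sa_hdr` and `sa_store` and the functions `max_overrun` and `sa_copy_checked` are hypothetical stand-ins; the example assumes a one-byte length field and a 128-byte `sockaddr_storage`, which is where the 127-byte figure comes from.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for a length-prefixed sockaddr and its storage type. */
#define SS_SIZE 128                  /* assumed sizeof(struct sockaddr_storage) */

struct sa_hdr {                      /* mirrors the sa_len + sa_family prefix */
    uint8_t len;                     /* self-declared total length, 0..255 */
    uint8_t family;
};

struct sa_store {                    /* fixed-size destination, as on the stack */
    uint8_t bytes[SS_SIZE];
};

/* Worst-case overrun if the length byte is trusted: 255 - 128 = 127 bytes. */
size_t max_overrun(void)
{
    return (size_t)(UINT8_MAX - SS_SIZE);
}

/*
 * Copy a length-prefixed address into fixed storage, validating the
 * declared length at the point of the copy instead of assuming an
 * earlier layer already did. Returns 0 on success, -1 on rejection.
 */
int sa_copy_checked(struct sa_store *dst, const void *src, size_t src_avail)
{
    struct sa_hdr h;

    if (src_avail < sizeof(h))
        return -1;                   /* cannot even read the header */
    memcpy(&h, src, sizeof(h));
    if (h.len < sizeof(h))
        return -1;                   /* shorter than its own header */
    if (h.len > sizeof(dst->bytes))
        return -1;                   /* would overflow the destination */
    if (h.len > src_avail)
        return -1;                   /* would read past the source buffer */

    memset(dst, 0, sizeof(*dst));    /* no stale stack bytes in the output */
    memcpy(dst->bytes, src, h.len);
    return 0;
}
```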
Technical Details
- CVSS v3 Vector: 3.1
- Published: 3/9/2026
- Last Modified: 3/17/2026
Frequently Asked Questions
Is CVE-2026-3038 actively exploited?
Active exploitation of CVE-2026-3038 has not been confirmed. The EPSS score is 0.0%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2026-3038?
CVE-2026-3038 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.