{
  "repository": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
  "commit_source": "kernel_package_metadata",
  "commit_sha": null,
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "48f6a5356a33dd78e7144ae1faef95ffc990aae0",
    "version": "v7.1-rc5",
    "ref": "refs/tags/v7.1-rc5",
    "display": "CVE-2026-43503 upstream fix 48f6a5356a33 (v7.1-rc5)"
  },
  "variant_target": {
    "target_kind": "kernel_package",
    "commit_sha": null,
    "version": "7.0.10-070010-generic",
    "ref": "Ubuntu mainline 7.0.10 package 202605231316",
    "display": "Ubuntu mainline 7.0.10-070010-generic (v7.0.10 stable backport)"
  },
  "notes": "The tested fixed runtime is the prebuilt Ubuntu mainline kernel package linux-image-unsigned-7.0.10-070010-generic_7.0.10-070010.202605231316_amd64.deb from the project cache. The package is based on the upstream v7.0.10 stable tag, which backports commit 48f6a5356a33 (CVE-2026-43503) and also includes the CVE-2026-46300 skb_try_coalesce fix. The exact underlying git commit of the Ubuntu package is not available in the cache; the kernel version string observed at runtime is '7.0.10-070010-generic #202605231316'."
}
