Skip to main content

Linux Kernel CVE-2026-43102

| EUVDEUVD-2026-27614 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 17:37 vuln.today
CVSS changed
May 11, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Fix memory leak in airoha_qdma_rx_process()

If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC or if we consumed all the available fragments for the skb), the page_pool fragment will not be linked to the skb so it will not return to the pool in the airoha_qdma_rx_process() error path. Fix the memory leak partially reverting commit 'd6d2b0e1538d ("net: airoha: Fix page recycling in airoha_qdma_rx_process()")' and always running page_pool_put_full_page routine in the airoha_qdma_rx_process() error path.

AnalysisAI

Memory leak in the Airoha QDMA RX packet processing function allows local authenticated attackers to cause a denial of service through resource exhaustion. The vulnerability occurs when page pool fragments fail to properly return to the pool during error handling in airoha_qdma_rx_process(), allowing an attacker with local access and low privileges to exhaust kernel memory and crash the system. EPSS exploitation probability is extremely low at 0.02%, reflecting the local-only attack vector and privilege requirement.

Technical ContextAI

The Airoha QDMA driver is a network interface controller driver in the Linux kernel responsible for DMA-based packet reception and buffer management. The vulnerability resides in the airoha_qdma_rx_process() function, which handles multi-buffer packet assembly using the kernel's page_pool allocation mechanism. When processing non-linear skb (socket buffer) frames, if an error occurs during fragment processing (such as invalid payload length reported by hardware or fragment exhaustion), the code fails to properly return allocated page pool fragments to the pool in the error path. This is classified as a resource management failure (CWE-401: Missing Release of Memory after Effective Lifetime). The issue was partially masked by a prior commit (d6d2b0e1538d) that attempted to optimize page recycling but inadvertently created the leak condition.

RemediationAI

Update the Linux kernel to version 6.18.24 or later (6.18 stable branch), 6.19.14 or later (6.19 stable branch), or 7.0 and later (mainline). The fix reverts the problematic page recycling optimization and ensures page_pool_put_full_page() is always called in the error path of airoha_qdma_rx_process(), guaranteeing fragment return to the pool. Distributions should apply the backported fix commits 4429b761874fb9c7767d12d98913a467ef2654f1, 7ee0063fbab8aea8f4e4e3165f541bf898b77b80, or 285fa6b1e03cff78ead0383e1b259c44b95faf90 depending on stable branch. No workaround exists without patching; the only mitigation is to restrict unprivileged user access to systems using Airoha QDMA NICs (cpe:2.3:a:airoha:*), though this may be impractical in shared hosting environments. Verify driver presence via 'lsmod | grep airoha' before prioritizing patching for specific systems.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy