Skip to main content

Linux Kernel CVE-2026-43296

| EUVDEUVD-2026-28566 HIGH
Improper Locking (CWE-667)
2026-05-08 Linux GHSA-7rmq-9hg9-v4q5
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 10:30 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
May 08, 2026 - 14:02 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 13:11 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Workaround SQM/PSE stalls by disabling sticky

NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated.

work around these hardware errata by:

  • Disabling SQM sticky operation:
  • Clear TM6 (bit 15)
  • Clear TM11 (bit 14)
  • Disabling sticky → non-sticky transition path that can deadlock PSE:
  • Clear TM5 (bit 23)
  • Preventing credit drops by keeping the control-flow clock enabled:
  • Set TM9 (bit 21)

These changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this configuration the SQM/PSE maintain forward progress under load without credit loss, at the cost of disabling sticky optimizations.

AnalysisAI

Denial of service in Linux kernel octeontx2-af network driver allows remote unauthenticated attackers to trigger system stalls and deadlocks via network traffic that exploits hardware errata in Marvell OcteonTX2 NIX SQ manager. The vulnerability affects Linux kernel versions from mainline through multiple stable branches, with vendor patches released for 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and mainline 7.0. EPSS exploitation probability is low at 0.02% (7th percentile), and no public exploit or active exploitation is confirmed at time of analysis.

Technical ContextAI

This vulnerability resides in the octeontx2-af (OcteonTX2 Admin Function) driver, which manages Marvell OcteonTX2 network acceleration hardware used in data center and edge networking applications. The issue stems from hardware errata in the NIX (Network Interface Controller) SQ Manager (SQM) and Packet Send Engine (PSE) components. When multiple Send Queues (SQs) share a Scheduled/Metered Queue (SMQ) and transmit concurrently with sticky mode enabled, the hardware can enter stall states. The PSE component has a separate deadlock condition during transitions between sticky and non-sticky transmission modes. A third hardware defect causes credit accounting failures when certain control-flow clocks are gated. The fix works around these silicon-level defects by modifying the NIX_AF_SQM_DBG_CTL_STATUS register to disable sticky optimizations (clearing TM6 bit 15, TM11 bit 14, TM5 bit 23) and forcing control-flow clocks to remain active (setting TM9 bit 21). While the CVSS vector indicates network-based attack (AV:N), this reflects that malicious network traffic can trigger the hardware stalls, causing availability impact.

RemediationAI

Update to patched Linux kernel versions: 5.10.252 or later for 5.10.x series, 5.15.202 or later for 5.15.x, 6.1.165 or later for 6.1.x, 6.6.128 or later for 6.6.x, 6.12.75 or later for 6.12.x, 6.18.16 or later for 6.18.x, 6.19.6 or later for 6.19.x, or upgrade to mainline kernel 7.0 or later. Patches are available from kernel.org Git stable tree (see references https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c and related backport commits). For systems that cannot immediately upgrade, temporary mitigation involves avoiding concurrent multi-queue transmissions on OcteonTX2 NIX hardware by limiting active transmit queues per SMQ, though this degrades network performance and throughput. Alternatively, if OcteonTX2 acceleration is not required for the workload, unload the octeontx2-af and related driver modules and use standard Linux network drivers, accepting the loss of hardware offload capabilities. Note that these workarounds significantly impact network performance and are only viable as short-term risk reduction measures until kernel patching can be performed. The vendor-supplied patches implement hardware errata workarounds with minimal performance impact compared to driver-level mitigations.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy