Skip to main content

Linux Kernel CVE-2026-43457

| EUVDEUVD-2026-28763 MEDIUM
Memory Leak (CWE-401)
2026-05-08 Linux GHSA-2mxh-qrpv-mfvx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 16:53 vuln.today
CVSS changed
May 21, 2026 - 16:52 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:22 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mctp: i2c: fix skb memory leak in receive path

When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_rx(), it needs to free the skb directly.

AnalysisAI

Memory leak in the Linux kernel's MCTP I2C driver receive path allows a local authenticated attacker to progressively exhaust kernel slab memory, resulting in denial of service. The flaw exists in all kernel versions from 5.18 (when the MCTP I2C driver was introduced at commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8) through multiple stable branches now addressed by patches in 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0. No public exploit identified at time of analysis; the EPSS score of 0.02% (7th percentile) confirms very low exploitation probability, consistent with the niche deployment context of MCTP I2C interfaces.

Technical ContextAI

The affected subsystem is the Linux kernel's MCTP (Management Component Transport Protocol) I2C driver, which enables MCTP communication over I2C bus interfaces - a protocol primarily used in server platform management environments for BMC-to-host communication. CWE-401 (Missing Release of Memory after Effective Lifetime) identifies the root cause: the receive path allocates a socket buffer (skb) to hold incoming I2C frame data, but when midev->allow_rx evaluates to false, the code bypasses the netif_rx() call that would normally hand skb ownership to the network stack for eventual freeing. No explicit kfree_skb() is called on this conditional branch, so the allocated memory is permanently leaked. Repeated triggering of this path - possible whenever MCTP I2C receive events occur during a period when allow_rx is false (typically during interface initialization or teardown) - can progressively exhaust kernel slab allocations. CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

Upgrade to a patched Linux kernel version: 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, or 7.0, as documented in EUVD-2026-28763. Distribution users should apply updates via standard package management (e.g., apt upgrade linux-image on Debian/Ubuntu, dnf update kernel on RHEL/Fedora) and reboot into the patched kernel. If an immediate kernel upgrade is not operationally feasible, a targeted compensating control is to unload or blacklist the mctp-i2c kernel module (modprobe -r mctp-i2c or adding blacklist mctp-i2c to /etc/modprobe.d/) - this eliminates the vulnerable code path entirely with no functional impact on systems that do not use MCTP over I2C. Caution: on server hardware relying on MCTP I2C for BMC communication (e.g., platform telemetry or firmware updates), disabling the module may interrupt platform management channels. Fix commits for manual backporting are at https://git.kernel.org/stable/c/0fb2adbdd5c03e8c9ebcdc48afd414b2724c85eb.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy