Skip to main content

Linux Kernel EUVDEUVD-2026-27574

| CVE-2026-43082 MEDIUM
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 01, 2026 - 20:01 vuln.today
CVSS changed
Jun 01, 2026 - 17:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: leave space for null terminators on property_entry

Lists of struct property_entry are supposed to be terminated with an empty property, this driver currently seems to be allocating exactly the amount of entry used.

Change the struct definition to leave an extra element for all property_entry.

AnalysisAI

Denial-of-service via off-by-one allocation in the Linux kernel txgbe network driver allows a local low-privileged user to crash the kernel on systems hosting Wangxun 10GbE NICs. The driver allocates property_entry struct lists without reserving the mandatory null-terminator sentinel slot, meaning kernel subsystems iterating over the list read beyond allocated memory bounds. No active exploitation has been identified and EPSS is extremely low (0.02%, 5th percentile), but patches are available across multiple stable kernel branches including 6.6.136, 6.12.83, 6.18.24, 6.19.14, and 7.0.

Technical ContextAI

The txgbe driver manages Wangxun 10GbE network adapter hardware within the Linux kernel networking subsystem (net/ethernet/wangxun). The Linux kernel uses struct property_entry arrays as firmware/device property descriptors, and by convention these arrays must be terminated with an empty (zeroed) sentinel entry - analogous to null-terminated strings. The driver was allocating exactly N slots for N properties, leaving no room for the required terminator. When kernel infrastructure iterates over such a list (e.g., during device probe or property lookup), it can read one element past the allocated buffer into adjacent memory. While no CWE is formally assigned in the input data, the root cause aligns with CWE-131 (Incorrect Calculation of Buffer Size) or CWE-193 (Off-by-One Error). The CPE identifier cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* confirms the affected product is the upstream Linux kernel. The vulnerability was introduced at commit c3e382ad6d15a8041ab8a168ad3ff90137ee8a45 and persists across multiple stable branches until the respective fix commits.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched stable release: 6.6.136, 6.12.83, 6.18.24, 6.19.14, or 7.0. Fix commits are available directly from the kernel stable tree at https://git.kernel.org/stable/c/00e1d650fa4b228ef1faea8e29effe4b4861e6e4 (6.18.x), https://git.kernel.org/stable/c/16eb3c2f86de9a21aefe7a6386607d4cd3947a77 (6.19.x), https://git.kernel.org/stable/c/8eff73e58e1f8fe991522acb863164319a7f7dd3 (6.6.x), https://git.kernel.org/stable/c/92c09262dac565a6b831fd724b81fe4ff76f51b4 (6.12.x), and https://git.kernel.org/stable/c/5a37d228799b0ec2c277459c83c814a59d310bc3 for additional branches. If immediate kernel upgrade is not feasible, a compensating control is to unload or blacklist the txgbe kernel module ('modprobe -r txgbe' and adding 'blacklist txgbe' to /etc/modprobe.d/) on systems where the Wangxun NIC is not operationally required - note this disables the NIC entirely. Additionally, restricting local shell access to untrusted users on systems with txgbe hardware eliminates the primary attack surface, given the AV:L requirement. Distribution-specific kernel packages from vendors (RHEL, SUSE, Ubuntu, Debian) may incorporate these fixes under different version numbers; consult your distribution's security advisories for confirmation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Image SLES-Azure-Basic Image SLES-EC2 Image SLES-Hardened-BYOS-Azure Image SLES-SAPCAL-Azure Affected
SUSE Linux Enterprise High Availability Extension 16.0 Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
SUSE Linux Micro 6.2 Fixed

Share

EUVD-2026-27574 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy