Skip to main content

Linux Kernel EUVDEUVD-2026-27720

| CVE-2026-43157 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-vgjg-qrh9-w8x6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 12:01 vuln.today
CVSS changed
May 13, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: CGX: fix bitmap leaks

The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit(). Unbinding and rebinding the driver therefore triggers kmemleak:

unreferenced object (size 16): backtrace: rvu_alloc_bitmap cgx_probe

Free both bitmaps during teardown.

AnalysisAI

Memory leak in the Linux kernel's octeontx2-af CGX driver causes kernel resource exhaustion on systems using Marvell OcteonTX2 network hardware. The rx_fc_pfvf_bmap and tx_fc_pfvf_bmap bitmaps allocated during cgx_lmac_init() are never freed in cgx_lmac_exit(), meaning each unbind/rebind cycle of the driver leaks 16 bytes of kernel memory, detectable via kmemleak. No public exploit is identified at time of analysis, and with an EPSS of 0.02% (7th percentile), real-world exploitation risk is negligible; this is a correctness and stability issue rather than an active security threat.

Technical ContextAI

The vulnerability resides in the octeontx2-af CGX (LMAC) subsystem of the Linux kernel, which manages the network MAC layer for Marvell OcteonTX2 SoC-based NICs. During driver initialization via cgx_lmac_init(), two bitmaps - rx_fc_pfvf_bmap and tx_fc_pfvf_bmap - are dynamically allocated via rvu_alloc_bitmap() to track per-PF/VF flow control state for RX and TX paths. The corresponding teardown function cgx_lmac_exit() omits freeing these bitmaps, violating paired alloc/free discipline. CWE-401 (Missing Release of Memory after Effective Lifetime) precisely describes this root cause: allocated heap objects outlive their logical lifetime because the cleanup path is incomplete. The CPE data (cpe:2.3:a:linux:linux) confirms this affects the mainline Linux kernel. The kmemleak subsystem surfaces the leak as an unreferenced 16-byte object traced back to cgx_probe, making it reliably detectable in debug kernels.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel version: 6.1.165 or later in the 6.1 stable series, 6.6.128 or later in the 6.6 series, 6.12.75 or later in the 6.12 series, 6.18.16 or later in the 6.18 series, 6.19.6 or later in the 6.19 series, or 7.0 for mainline. Fix commits are available at https://git.kernel.org/stable/c/ccef79af58b43787c25710c9da96651c6ddfe50f and the other stable-branch commits referenced in the CVE. For Red Hat and SUSE enterprise users, apply the relevant vendor kernel errata when published. As a compensating control on non-patchable systems, avoid frequent unbind/rebind cycles of the octeontx2-af driver (e.g., disable automated driver restart scripts or hot-plug testing on OcteonTX2 NICs); this limits leak accumulation without eliminating it. Systems can be monitored for the leak using CONFIG_DEBUG_KMEMLEAK kernel debug builds, though this is not a production control. No workaround eliminates the leak without a kernel patch.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27720 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy