CVE-2026-43208

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: do not pass flow_id to set_rps_cpu()

Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change.

Compute flow_id in set_rps_cpu(), do not assume we can use the value computed by get_rps_cpu(). Otherwise we risk out-of-bound access and/or crashes.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux48aa30443e52c9666d5cd5e67532e475f212337e < 5455a232edea6b946b99449f15ca771a8874a5a6affected
LinuxLinux48aa30443e52c9666d5cd5e67532e475f212337e < ed712dc0d64dee5f0d05e4d8ca57711f8a9c850caffected
LinuxLinux48aa30443e52c9666d5cd5e67532e475f212337e < 8a8a9fac9efa6423fd74938b940cb7d731780718affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References