CVE-2026-43373
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ncsi: fix skb leak in error paths
Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak.
Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 9891d7f4f1ede473c54b49776ae07755083eef06 | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < fef5aa6e3bcf3c8053307642663a63b7362d7552 | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 59962588197863d0d746879f193905c0c6b3df49 | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 553366c271479c0d571dd1bb5d1bcde4747fb82e | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < b70c4e5e711931cdd56e6e905737b72f1e649189 | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 87138dde2d6937b12b967f28fe598a7d59000ae4 | affected |
| Linux | Linux | 138635cc27c9737f940c3aa80912ff7a61c825af < 5c3398a54266541610c8d0a7082e654e9ff3e259 | affected |
| Linux | Linux | 4.8 | affected |
| Linux | Linux | 0 < 4.8 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.130 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.78 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.19 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.9 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9891d7f4f1ede473c54b49776ae07755083eef06
- https://git.kernel.org/stable/c/fef5aa6e3bcf3c8053307642663a63b7362d7552
- https://git.kernel.org/stable/c/81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a
- https://git.kernel.org/stable/c/59962588197863d0d746879f193905c0c6b3df49
- https://git.kernel.org/stable/c/553366c271479c0d571dd1bb5d1bcde4747fb82e
- https://git.kernel.org/stable/c/b70c4e5e711931cdd56e6e905737b72f1e649189
- https://git.kernel.org/stable/c/87138dde2d6937b12b967f28fe598a7d59000ae4
- https://git.kernel.org/stable/c/5c3398a54266541610c8d0a7082e654e9ff3e259
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.