Description
In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: leave space for null terminators on property_entry

Lists of struct property_entry are supposed to be terminated with an
empty property, this driver currently seems to be allocating exactly the
amount of entry used.

Change the struct definition to leave an extra element for all
property_entry.
Published: 2026-05-06
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The txgbe driver in the Linux kernel allocates a property_entry array with a size that exactly matches the number of entries, leaving no space for the required terminating empty property. This off‑by‑one error can lead to an out‑of‑bounds write when the driver appends the terminator, corrupting kernel memory. Such corruption may manifest as a kernel panic or crash.

Affected Systems

All Linux kernel installations that employ the txgbe network driver before the relevant patch. The vulnerability is not tied to a specific kernel version in the data, so the workaround applies to any kernel running the unpatched txgbe driver.

Risk and Exploitability

Because the flaw resides in a kernel driver, exploitation requires local or privileged access and controlling the txgbe driver to manipulate the property_entry structure. The EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, implying no known active exploits. No CVSS score is provided in the public data, but a successful exploit could lead to kernel memory corruption that may cause crashes or instability. Overall, the risk remains moderate today, limited to systems where a local attacker can trigger the driver; remote exploitation is unlikely.

Generated by OpenCVE AI on May 7, 2026 at 06:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the txgbe patch that reserves space for the terminating property_entry.
  • If an update cannot be performed immediately, disable or unload the txgbe driver to prevent the out‑of‑bounds write.
  • Monitor system logs (e.g., dmesg, journalctl) for kernel panics or abnormal memory behavior that may indicate the vulnerability has been triggered.

Generated by OpenCVE AI on May 7, 2026 at 06:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-170
References

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: txgbe: leave space for null terminators on property_entry Lists of struct property_entry are supposed to be terminated with an empty property, this driver currently seems to be allocating exactly the amount of entry used. Change the struct definition to leave an extra element for all property_entry.
Title net: txgbe: leave space for null terminators on property_entry
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:22.658Z

Reserved: 2026-05-01T14:12:55.983Z

Link: CVE-2026-43082

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T10:16:21.377

Modified: 2026-05-06T13:08:07.970

Link: CVE-2026-43082

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43082 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T06:30:06Z

Weaknesses