Description
In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Fix memory leak in airoha_qdma_rx_process()

If an error occurs on the subsequents buffers belonging to the
non-linear part of the skb (e.g. due to an error in the payload length
reported by the NIC or if we consumed all the available fragments for
the skb), the page_pool fragment will not be linked to the skb so it will
not return to the pool in the airoha_qdma_rx_process() error path. Fix the
memory leak partially reverting commit 'd6d2b0e1538d ("net: airoha: Fix
page recycling in airoha_qdma_rx_process()")' and always running
page_pool_put_full_page routine in the airoha_qdma_rx_process() error
path.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak was identified in the Linux kernel airoha driver when processing non-linear socket buffers in airoha_qdma_rx_process(). Errors such as invalid packet payload lengths or exhaustion of buffer fragments cause the driver to skip returning a page pool fragment to the pool, leading to gradual consumption of kernel memory. Over time this can deplete available memory, resulting in system instability or a denial of service. Based on the description, it is inferred that a remote attacker could send crafted packets to the NIC, triggering the error path and the memory leak.

Affected Systems

The flaw affects any Linux kernel installation that includes the airoha driver for QDMA network interfaces. Specific kernel versions are not listed, so any supported kernel running that driver is potentially vulnerable until the fix is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity risk, and the EPSS score of < 1% suggests a very low exploitation probability. Based on the description, it is inferred that an attacker could craft packets to the vulnerable NIC, triggering the error path and causing memory exhaustion, making this a moderate-risk denial of service vulnerability. The vulnerability is not listed in CISA’s KEV catalog, indicating no known active exploitation at this time.

Generated by OpenCVE AI on May 11, 2026 at 19:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that incorporates the airoha_qdma_rx_process() fix, which ensures page_pool_put_full_page is called on errors.
  • If a kernel upgrade is not currently available, apply the patch provided by the kernel maintainers that restores the missing page return logic (the commit referenced in the advisory).
  • After applying the fix, monitor kernel memory usage and verify that the page pool size does not grow unexpectedly during network traffic.

Generated by OpenCVE AI on May 11, 2026 at 19:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 06 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC or if we consumed all the available fragments for the skb), the page_pool fragment will not be linked to the skb so it will not return to the pool in the airoha_qdma_rx_process() error path. Fix the memory leak partially reverting commit 'd6d2b0e1538d ("net: airoha: Fix page recycling in airoha_qdma_rx_process()")' and always running page_pool_put_full_page routine in the airoha_qdma_rx_process() error path.
Title net: airoha: Fix memory leak in airoha_qdma_rx_process()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:46.322Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43102

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:23.750

Modified: 2026-05-11T17:34:42.620

Link: CVE-2026-43102

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43102 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T19:45:08Z

Weaknesses