Description
In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Fix memory leak in airoha_qdma_rx_process()

If an error occurs on the subsequent buffers belonging to the
non-linear part of the skb (e.g. due to an error in the payload length
reported by the NIC or if we consumed all the available fragments for
the skb), the page_pool fragment will not be linked to the skb so it will
not return to the pool in the airoha_qdma_rx_process() error path. Fix the
memory leak partially reverting commit 'd6d2b0e1538d ("net: airoha: Fix
page recycling in airoha_qdma_rx_process()")' and always running
page_pool_put_full_page routine in the airoha_qdma_rx_process() error
path.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak was identified in the Linux kernel airoha driver when processing non‑linear socket buffers in airoha_qdma_rx_process(). Errors such as invalid packet payload lengths or exhaustion of buffer fragments cause the driver to skip returning a page pool fragment to the pool, leading to gradual consumption of kernel memory. Over time this can deplete available memory, resulting in system instability or a denial of service.
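The leak pattern described above, reduced to a user-space C model. This is an added example, not the airoha driver's code: `rx_process`, `MAX_FRAGS` and the `pool`/`skb` structs are hypothetical stand-ins that only count pages, and `always_put` switches between the leaking and the fixed error path.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_FRAGS 2   /* assumed fragment limit for this model */

struct pool { int outstanding; };      /* pages handed out, not yet returned */
struct skb { bool live; int pages; };  /* pages linked to the packet */

static void pool_get(struct pool *p) { p->outstanding++; }
static void pool_put(struct pool *p) { p->outstanding--; }

/* Freeing the skb returns only the pages that were linked to it. */
static void skb_free(struct pool *p, struct skb *s)
{
    p->outstanding -= s->pages;
    s->live = false;
    s->pages = 0;
}

/* Receive one packet of nbufs buffers; buffer bad_at reports an invalid
 * length (-1 for none). always_put selects the fixed error path.
 * Returns the number of pages still missing from the pool afterwards. */
int rx_process(int nbufs, int bad_at, bool always_put)
{
    struct pool pool = { 0 };
    struct skb skb = { false, 0 };
    for (int i = 0; i < nbufs; i++) {
        pool_get(&pool);                   /* page backing buffer i */
        if (i == bad_at)
            goto err;                      /* bad payload length */
        if (skb.live && skb.pages - 1 >= MAX_FRAGS)
            goto err;                      /* no fragment slots left */
        skb.live = true;                   /* first buffer starts the skb */
        skb.pages++;                       /* page is now linked */
    }
    skb_free(&pool, &skb);                 /* packet consumed normally */
    return pool.outstanding;
err:
    if (always_put || !skb.live)
        pool_put(&pool);                   /* current page, never linked */
    if (skb.live)
        skb_free(&pool, &skb);             /* returns linked pages only */
    return pool.outstanding;
}

int main(void)
{
    printf("leaked: %d before fix, %d after\n", rx_process(3, 1, false), rx_process(3, 1, true));
    return 0;
}
```

In the model, an error on the first buffer never leaks because no skb exists yet; only errors on later buffers leave the current page unreturned when `always_put` is false.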

Affected Systems

The flaw affects any Linux kernel installation that includes the airoha driver for QDMA network interfaces. Specific kernel versions are not listed, so any supported kernel running that driver is potentially vulnerable until the fix is applied.

Risk and Exploitability

The CVSS score is not provided and the EPSS is not available, so an exact quantitative risk is unknown. If an attacker can send crafted packets to the vulnerable NIC, they could trigger the error path remotely and cause memory exhaustion, making this a high‑risk denial of service vulnerability. The vulnerability is not listed in CISA’s KEV catalog, indicating no known active exploitation at this time.

Generated by OpenCVE AI on May 6, 2026 at 11:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that incorporates the airoha_qdma_rx_process() fix, which ensures page_pool_put_full_page is called on errors.
  • If a kernel upgrade is not currently available, apply the patch provided by the kernel maintainers that restores the missing page return logic (the commit referenced in the advisory).
  • After applying the fix, monitor kernel memory usage and verify that the page pool size does not grow unexpectedly during network traffic.

Advisories

No advisories yet.

History

Wed, 06 May 2026 12:00:00 +0000

  • Weaknesses: removed (none); added CWE-401

Wed, 06 May 2026 09:30:00 +0000

  • Description: removed (none); added "In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequent buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC or if we consumed all the available fragments for the skb), the page_pool fragment will not be linked to the skb so it will not return to the pool in the airoha_qdma_rx_process() error path. Fix the memory leak partially reverting commit 'd6d2b0e1538d ("net: airoha: Fix page recycling in airoha_qdma_rx_process()")' and always running page_pool_put_full_page routine in the airoha_qdma_rx_process() error path."
  • Title: removed (none); added "net: airoha: Fix memory leak in airoha_qdma_rx_process()"
  • First Time appeared: removed (none); added Linux; Linux linux Kernel
  • CPEs: removed (none); added cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: removed (none); added Linux; Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T07:40:31.683Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43102

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-06T10:16:23.750

Modified: 2026-05-06T10:16:23.750

Link: CVE-2026-43102

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T11:45:03Z
