CVE-2026-43157 - Vulnerability Details

- octeontx2-af: CGX: fix bitmap leaks

Description

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: CGX: fix bitmap leaks

The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap)
are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit().
Unbinding and rebinding the driver therefore triggers kmemleak:

unreferenced object (size 16):
backtrace:
rvu_alloc_bitmap
cgx_probe

Free both bitmaps during teardown.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The octeontx2-af CGX driver allocates RX/TX flow‑control bitmaps during initialization but fails to free them during exit, causing a persistent memory leak that is reported by the kernel’s kmemleak detector. This defect is a CWE‑401 (Unreleased Memory) and a CWE‑772 (Unreleased Resource) flaw, indicating that resources are not properly released. The leak means that each time the driver is unbound and rebound, small 16‑byte objects remain resident in memory, which over time can exhaust available kernel memory and result in degraded performance or system instability.

Affected Systems

The vulnerability affects the octeontx2-af CGX driver component within the Linux kernel. No specific kernel release or version information is provided, so any Linux installation that includes this driver and experiences repeated driver unbind/bind operations may be impacted.

Risk and Exploitability

The defect is triggered only when the driver is unbound and rebound, so the attack vector is local and requires the ability to load or unload the driver. The CVSS score of 5.5 indicates medium severity. The EPSS score is < 1%, indicating an extremely low probability of exploitation. The vulnerability is not listed in CISA KEV, suggesting no currently known public exploits. Based on the description, it is inferred that the accumulation of unreleased memory objects may lead to increased kernel memory usage over repeated driver unbind/bind cycles, which could eventually affect system performance.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< ad8a13a45c5c24d0d32de9a1c3fd58498a675ece
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< 013ac469596a0b8671e62d89c89ae0bd46bbe667
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< ccef79af58b43787c25710c9da96651c6ddfe50f
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< 6d389382ee655128056fbdab86baad8495ffbf33
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< ccca14bbdcc25829d355b9f4d3249f43dadb71c1
`e740003874edc13e468d19233f99787bedb4bb8e`	affected	< 3def995c4ede842adf509c410e92d09a0cedc965

Linux

affected

Version	Status	Constraints
`5.18`	affected	—
`0`	unaffected	< 5.18
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e740003874edc13e468d19233f99787bedb4bb8e,ad8a13a45c5c24d0d32de9a1c3fd58498a675ece)`	affected	code_commit	—
`[e740003874edc13e468d19233f99787bedb4bb8e,013ac469596a0b8671e62d89c89ae0bd46bbe667)`	affected	code_commit	—
`[e740003874edc13e468d19233f99787bedb4bb8e,3def995c4ede842adf509c410e92d09a0cedc965)`	affected	code_commit	—
`[e740003874edc13e468d19233f99787bedb4bb8e,6d389382ee655128056fbdab86baad8495ffbf33)`	affected	code_commit	—
`[e740003874edc13e468d19233f99787bedb4bb8e,ccca14bbdcc25829d355b9f4d3249f43dadb71c1)`	affected	code_commit	—
`[e740003874edc13e468d19233f99787bedb4bb8e,ccef79af58b43787c25710c9da96651c6ddfe50f)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.18`	affected	semver	—
`[0,5.18)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a release that incorporates the fix releasing the RX/TX flow‑control bitmaps during driver teardown.
Reboot the system so the patched driver is loaded and the cleanup routine is executed.
Restart any services that depend on the CGX driver to ensure normal operation proceeds without memory leaks.

Generated by OpenCVE AI on May 13, 2026 at 22:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/013ac469596a0b8671e62d89c89ae0bd46bbe667
https://git.kernel.org/stable/c/3def995c4ede842adf509c410e92d09a0cedc965
https://git.kernel.org/stable/c/6d389382ee655128056fbdab86baad8495ffbf33
https://git.kernel.org/stable/c/ad8a13a45c5c24d0d32de9a1c3fd58498a675ece
https://git.kernel.org/stable/c/ccca14bbdcc25829d355b9f4d3249f43dadb71c1
https://git.kernel.org/stable/c/ccef79af58b43787c25710c9da96651c6ddfe50f
https://lore.kernel.org/linux-cve-announce/2026050630-CVE-2026-43157-b4de@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43157
https://www.cve.org/CVERecord?id=CVE-2026-43157

History

Wed, 13 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050630-CVE-2026-43157-b4de@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43157 https://www.cve.org/CVERecord?id=CVE-2026-43157
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: CGX: fix bitmap leaks The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit(). Unbinding and rebinding the driver therefore triggers kmemleak: unreferenced object (size 16): backtrace: rvu_alloc_bitmap cgx_probe Free both bitmaps during teardown.
Title		octeontx2-af: CGX: fix bitmap leaks
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/013ac469596a0b8671e62d89c89ae0bd46bbe667 https://git.kernel.org/stable/c/3def995c4ede842adf509c410e92d09a0cedc965 https://git.kernel.org/stable/c/6d389382ee655128056fbdab86baad8495ffbf33 https://git.kernel.org/stable/c/ad8a13a45c5c24d0d32de9a1c3fd58498a675ece https://git.kernel.org/stable/c/ccca14bbdcc25829d355b9f4d3249f43dadb71c1 https://git.kernel.org/stable/c/ccef79af58b43787c25710c9da96651c6ddfe50f

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:37.185Z

Updated: 2026-05-11T22:18:51.830Z

Reserved: 2026-05-01T14:12:55.990Z

Link: CVE-2026-43157

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:33.563

Modified: 2026-05-13T21:09:08.057

Link: CVE-2026-43157

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43157 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T23:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object