CVE-2026-43283 - Vulnerability Details

- net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle

dma_free_coherent() in error path takes priv->rx_buf.alloc_len as
the dma handle. This would lead to improper unmapping of the buffer.

Change the dma handle to priv->rx_buf.alloc_phys.

Published: 2026-05-06

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel’s ec_bhf ethernet driver, the function dma_free_coherent() mistakenly uses the allocation length as the DMA handle during an error path, instead of the correct physical address. This mismatch can cause an incorrect unmapping of a buffer that was previously coherently mapped, potentially corrupting kernel memory. The CVE description does not explicitly state privilege escalation, but such corruption could allow an attacker to affect system integrity if they can trigger the error condition. The weakness is identified as an improper resource cleanup related to DMA usage (CWE‑628).

Affected Systems

Any system running the Linux kernel with the ec_bhf Ethernet driver is susceptible. The CNA data does not specify affected kernel versions, so all deployments of this driver should be considered at risk until the patch is applied.

Risk and Exploitability

The CVSS score of 8.8 denotes high severity, yet the EPSS score of less than 1% reflects a low predicted exploitation probability at this time. The vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known or confirmed exploits. The likely attack vector is an attempted network condition that forces the driver into the error path, inferred from the nature of the DMA handling exposed by the bug. While exploitation would require the attacker to induce the error, the potential for kernel memory corruption warrants careful monitoring.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 0f589ee54fd6d76d3f75e745f7f12c64cbd749e5
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 8320727be7ff704e07c87624efc2a4a75f54b3ce
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 1e300c33ef3cc544c2b9c693778fe9490cfe9184
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 1b1371cd4032ae859838ebc74215f569987bb197
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 1b1d3c5d58a80a19d017a409aa2308162bab5bbf
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< 7e54ff938bebb173822b4c38b33fc164c1cabf92
`6af55ff52b02d492d45db88df3e461fa51a6f753`	affected	< ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2

Linux

affected

Version	Status	Constraints
`3.15`	affected	—
`0`	unaffected	< 3.15
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.15:-::::::
	cpe:2.3:o:linux:linux_kernel:3.15:rc7::::::
	cpe:2.3:o:linux:linux_kernel:3.15:rc8::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6af55ff52b02d492d45db88df3e461fa51a6f753,0f589ee54fd6d76d3f75e745f7f12c64cbd749e5)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,8320727be7ff704e07c87624efc2a4a75f54b3ce)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,1e300c33ef3cc544c2b9c693778fe9490cfe9184)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,1b1371cd4032ae859838ebc74215f569987bb197)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,1b1d3c5d58a80a19d017a409aa2308162bab5bbf)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,7e54ff938bebb173822b4c38b33fc164c1cabf92)`	affected	code_commit	—
`[6af55ff52b02d492d45db88df3e461fa51a6f753,ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.15`	affected	generic	—
`[0,3.15)`	unaffected	generic	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the ec_bhf dma_free_coherent fix commit identified in the provided commit logs.
If an update is not immediately available, disable or unload the ec_bhf driver (e.g., with modprobe -r or by blacklisting the module) to eliminate the affected code path.
Restrict the host to trusted network segments or apply firewall rules to reduce the chance of malformed traffic reaching the driver until a patch is applied.

Generated by OpenCVE AI on May 8, 2026 at 20:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0f589ee54fd6d76d3f75e745f7f12c64cbd749e5
https://git.kernel.org/stable/c/1b1371cd4032ae859838ebc74215f569987bb197
https://git.kernel.org/stable/c/1b1d3c5d58a80a19d017a409aa2308162bab5bbf
https://git.kernel.org/stable/c/1e300c33ef3cc544c2b9c693778fe9490cfe9184
https://git.kernel.org/stable/c/7e54ff938bebb173822b4c38b33fc164c1cabf92
https://git.kernel.org/stable/c/8320727be7ff704e07c87624efc2a4a75f54b3ce
https://git.kernel.org/stable/c/accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0
https://git.kernel.org/stable/c/ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2
https://lore.kernel.org/linux-cve-announce/2026050614-CVE-2026-43283-44c6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43283
https://www.cve.org/CVERecord?id=CVE-2026-43283

History

Fri, 08 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:3.15:-:::::: cpe:2.3:o:linux:linux_kernel:3.15:rc7:::::: cpe:2.3:o:linux:linux_kernel:3.15:rc8::::::

Fri, 08 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Fri, 08 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-628
References		https://lore.kernel.org/linux-cve-announce/2026050614-CVE-2026-43283-44c6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43283 https://www.cve.org/CVERecord?id=CVE-2026-43283

Wed, 06 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv->rx_buf.alloc_phys.
Title		net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0f589ee54fd6d76d3f75e745f7f12c64cbd749e5 https://git.kernel.org/stable/c/1b1371cd4032ae859838ebc74215f569987bb197 https://git.kernel.org/stable/c/1b1d3c5d58a80a19d017a409aa2308162bab5bbf https://git.kernel.org/stable/c/1e300c33ef3cc544c2b9c693778fe9490cfe9184 https://git.kernel.org/stable/c/7e54ff938bebb173822b4c38b33fc164c1cabf92 https://git.kernel.org/stable/c/8320727be7ff704e07c87624efc2a4a75f54b3ce https://git.kernel.org/stable/c/accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0 https://git.kernel.org/stable/c/ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:29:03.726Z

Updated: 2026-05-11T22:21:33.771Z

Reserved: 2026-05-01T14:12:55.998Z

Link: CVE-2026-43283

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:49.817

Modified: 2026-05-08T19:08:43.663

Link: CVE-2026-43283

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43283 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:00:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object