Description
In the Linux kernel, the following vulnerability has been resolved:

net: ipa: fix event ring index not programmed for IPA v5.0+

For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to
CH_C_CNTXT_1. The v5.0 register definition intended to define this
field in the CH_C_CNTXT_1 fmask array but used the old identifier of
ERINDEX instead of CH_ERINDEX.

Without a valid event ring, GSI channels could never signal transfer
completions. This caused gsi_channel_trans_quiesce() to block
forever in wait_for_completion().

At least for IPA v5.2 this resolves an issue seen where runtime
suspend, system suspend, and remoteproc stop all hanged forever. It
also meant the IPA data path was completely non functional.
Published: 2026-05-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A kernel bug in the IPA driver caused the event ring index field to remain unprogrammed for IPA controllers of version 5.0 and higher. Because the index was not set, GSI channels could not signal transfer completions, and the kernel function gsi_channel_trans_quiesce() would wait forever for a bounce that never arrived. This manifests as a system hang during runtime suspend, system suspend, or remoteproc stop operations, effectively disabling IPA‑based data paths.

Affected Systems

The flaw exists in the Linux kernel’s IPA driver for any distribution that ships a kernel version lacking the fix. All implementations that support IPA controllers v5.0 or later are potentially affected until the code is updated to program the correct CH_ERINDEX field.

Risk and Exploitability

The vulnerability is an internal kernel defect that can lead to a system hang when running certain operations such as runtime suspend, system suspend, or remoteproc stop. No public exploit is known. Based on the description, it is inferred that an attacker with local or privileged access who can trigger these operations could induce a denial‑of‑service state. The CVSS score of 7.5 indicates a high impact. With an EPSS score of < 1% and not listed in KEV, the likelihood of exploitation is extremely low, but it could still arise if such conditions are met.

Generated by OpenCVE AI on May 15, 2026 at 20:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel release that contains the IPA driver fix which corrects the event ring index programming error (CWE‑1285).
  • If an updated kernel is not available, isolate IPA‑intensive operations and avoid triggering runtime suspend, system suspend, or remoteproc stop to mitigate the hang until a patch is applied.
  • Alternatively backport the kernel.org commit that remaps the register field and programs the correct CH_ERINDEX value, thereby addressing the index calculation weakness (CWE‑1285).

Generated by OpenCVE AI on May 15, 2026 at 20:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Mon, 11 May 2026 07:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The v5.0 register definition intended to define this field in the CH_C_CNTXT_1 fmask array but used the old identifier of ERINDEX instead of CH_ERINDEX. Without a valid event ring, GSI channels could never signal transfer completions. This caused gsi_channel_trans_quiesce() to block forever in wait_for_completion(). At least for IPA v5.2 this resolves an issue seen where runtime suspend, system suspend, and remoteproc stop all hanged forever. It also meant the IPA data path was completely non functional.
Title net: ipa: fix event ring index not programmed for IPA v5.0+
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:46.451Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43345

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:44.547

Modified: 2026-05-15T19:24:20.990

Link: CVE-2026-43345

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43345 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T21:00:09Z

Weaknesses