CVE-2026-43346 - Vulnerability Details

- ice: ptp: don't WARN when controlling PF is unavailable

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: ptp: don't WARN when controlling PF is unavailable

In VFIO passthrough setups, it is possible to pass through only a PF
which doesn't own the source timer. In that case the PTP controlling PF
(adapter->ctrl_pf) is never initialized in the VM, so ice_get_ctrl_ptp()
returns NULL and triggers WARN_ON() in ice_ptp_setup_pf().

Since this is an expected behavior in that configuration, replace
WARN_ON() with an informational message and return -EOPNOTSUPP.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel driver ice, which handles Precision Time Protocol (PTP) functions, has been updated to avoid raising a kernel warning when the controlling Physical Function (PF) of a VFIO passthrough setup is unavailable. In configurations where only a PF that does not own the source timer is passed through, the internal call to ice_get_ctrl_ptp() returns NULL and previously triggered a WARN_ON(), producing a kernel warning. The new implementation replaces this warning with an informational message and returns -EOPNOTSUPP instead. This change removes a misleading log entry and aligns the behavior with the expected configuration. The modification does not alter system functionality for normal operation, nor does it introduce or cure a security flaw. It simply corrects an unnecessary diagnostic that could otherwise clutter logs.

Affected Systems

The issue applies to the Linux kernel across all vendor implementations (Linux:Linux). No specific version ranges are provided, indicating that the behavior was common to all kernel versions before the patch. The latest kernel releases contain the fix.

Risk and Exploitability

The event is a non‑exploitable informational change; EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, confirming its absence from known exploitation activity. The CVSS score of 5.5 indicates a medium severity, but this does not translate into a real security risk. Because the original warning was triggered only when the controlling PF was legitimately missing, an attacker cannot manipulate kernel state or achieve elevated privileges through this path. The risk level is effectively zero from a security standpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e800654e85b5b27966fc6493201f5f8cf658beb6`	affected	< e19675b384e9dcaca1bd5e4a67b8ad136eccfbe8
`e800654e85b5b27966fc6493201f5f8cf658beb6`	affected	< c73f365707d3b1b78b7d16e1f029020d1ae50d0f
`e800654e85b5b27966fc6493201f5f8cf658beb6`	affected	< bb3f21edc7056cdf44a7f7bd7ba65af40741838c
`2f59743be4d9568cad2d9cf697d1b897975421ed`	affected	—

Linux

affected

Version	Status	Constraints
`6.13`	affected	—
`0`	unaffected	< 6.13
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e800654e85b5b27966fc6493201f5f8cf658beb6,e19675b384e9dcaca1bd5e4a67b8ad136eccfbe8)`	affected	code_commit	—
`[e800654e85b5b27966fc6493201f5f8cf658beb6,c73f365707d3b1b78b7d16e1f029020d1ae50d0f)`	affected	code_commit	—
`[e800654e85b5b27966fc6493201f5f8cf658beb6,bb3f21edc7056cdf44a7f7bd7ba65af40741838c)`	affected	code_commit	—
`2f59743be4d9568cad2d9cf697d1b897975421ed`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.13`	affected	semver	—
`[0,6.13)`	unaffected	semver	—
`[6.18.24,6.19.0)`	unaffected	semver	—
`[6.19.14,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that includes the PTP exception fix, replacing the WARN_ON() with an informational message and -EOPNOTSUPP return value.
Reconfigure VFIO passthrough to pass through a PF that owns the PTP source timer, ensuring ice_get_ctrl_ptp() returns a valid controller and eliminating the diagnostic entirely.
Monitor kernel logs for unexpected PTP warning messages to verify the issue has been resolved and that no new WARN_ON() entries appear.
Check that the kernel implements proper error handling for PF unavailability as defined by CWE‑682, ensuring appropriate return codes instead of warnings.

Generated by OpenCVE AI on May 9, 2026 at 03:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/bb3f21edc7056cdf44a7f7bd7ba65af40741838c
https://git.kernel.org/stable/c/c73f365707d3b1b78b7d16e1f029020d1ae50d0f
https://git.kernel.org/stable/c/e19675b384e9dcaca1bd5e4a67b8ad136eccfbe8
https://lore.kernel.org/linux-cve-announce/2026050837-CVE-2026-43346-ec5f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43346
https://www.cve.org/CVERecord?id=CVE-2026-43346

History

Sat, 09 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-682

Sat, 09 May 2026 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-668

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050837-CVE-2026-43346-ec5f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43346 https://www.cve.org/CVERecord?id=CVE-2026-43346
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-668

Fri, 08 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF (adapter->ctrl_pf) is never initialized in the VM, so ice_get_ctrl_ptp() returns NULL and triggers WARN_ON() in ice_ptp_setup_pf(). Since this is an expected behavior in that configuration, replace WARN_ON() with an informational message and return -EOPNOTSUPP.
Title		ice: ptp: don't WARN when controlling PF is unavailable
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/bb3f21edc7056cdf44a7f7bd7ba65af40741838c https://git.kernel.org/stable/c/c73f365707d3b1b78b7d16e1f029020d1ae50d0f https://git.kernel.org/stable/c/e19675b384e9dcaca1bd5e4a67b8ad136eccfbe8

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:39:31.930Z

Updated: 2026-05-08T13:39:31.930Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43346

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:44.663

Modified: 2026-05-08T14:16:44.663

Link: CVE-2026-43346

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43346 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T03:30:24Z

Weaknesses

CWE-682

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object