CVE-2026-43372 - Vulnerability Details

- net: dsa: microchip: Fix error path in PTP IRQ setup

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: microchip: Fix error path in PTP IRQ setup

If request_threaded_irq() fails during the PTP message IRQ setup, the
newly created IRQ mapping is never disposed. Indeed, the
ksz_ptp_irq_setup()'s error path only frees the mappings that were
successfully set up.

Dispose the newly created mapping if the associated
request_threaded_irq() fails at setup.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the Linux kernel’s microchip Distributed Switch Architecture (DSA) driver. During PTP message interrupt setup, if request_threaded_irq() fails, the newly allocated IRQ mapping is not freed. The error path only cleans up mappings that succeeded, leaving dangling resources. This oversight can lead to an unreleased resource condition, potentially exhausting kernel memory or IRQ table entries and causing a denial of service.

Affected Systems

Systems running Linux kernel versions that include the microchip DSA driver but lack the patch found in commit 3704ac6a0d9a78f66a187515a8ca3faedaf01cc5. The bug is present before the kernel release that implements the fix; all affected distributions need to update to a kernel containing the patch.

Risk and Exploitability

The fix improves resource cleanup; no CVSS score is publicly available and the EPSS score is not provided, indicating low publicly documented exploitation risk. The vulnerability is not listed in the CISA KEV catalog, and no known exploit has been reported. An attacker would need the ability to trigger PTP IRQ setup failures repeatedly, which typically requires privileged or targeted network activity. If successfully exploited, the attacker could exhaust IRQ mappings leading to service disruption, but no remote code execution is possible.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3b5a6115d6ea45df1ea65dc9b832b23db5d593ba`	affected	< 3704ac6a0d9a78f66a187515a8ca3faedaf01cc5
`1ba6da6ca3db76f6a39004fd33a9c990e428515e`	affected	< e80fef36c676c947072dabeb5803ae59d92ba493
`d0b8fec8ae50525b57139393d0bb1f446e82ff7e`	affected	< 6c58a9fdb0d0e1011aa02455d26d6ebea251979b
`d0b8fec8ae50525b57139393d0bb1f446e82ff7e`	affected	< c2d1d41e0e8ec447d40a5752844fc5fb0b23db27
`d0b8fec8ae50525b57139393d0bb1f446e82ff7e`	affected	< 99c8c16a4aad0b37293cae213e15957c573cf79b
`ae12e4e0ca231475bcef841c6a6722fa185fd520`	affected	—

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[3b5a6115d6ea45df1ea65dc9b832b23db5d593ba,3704ac6a0d9a78f66a187515a8ca3faedaf01cc5)`	affected	code_commit	—
`[1ba6da6ca3db76f6a39004fd33a9c990e428515e,e80fef36c676c947072dabeb5803ae59d92ba493)`	affected	code_commit	—
`[d0b8fec8ae50525b57139393d0bb1f446e82ff7e,6c58a9fdb0d0e1011aa02455d26d6ebea251979b)`	affected	code_commit	—
`[d0b8fec8ae50525b57139393d0bb1f446e82ff7e,c2d1d41e0e8ec447d40a5752844fc5fb0b23db27)`	affected	code_commit	—
`[d0b8fec8ae50525b57139393d0bb1f446e82ff7e,99c8c16a4aad0b37293cae213e15957c573cf79b)`	affected	code_commit	—
`ae12e4e0ca231475bcef841c6a6722fa185fd520`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	generic	—
`[6.6.130,7.0.0)`	unaffected	generic	—
`[6.12.78,7.0.0)`	unaffected	generic	—
`[6.18.19,7.0.0)`	unaffected	generic	—
`[6.19.9,7.0.0)`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the kernel patch that addresses the PTP IRQ setup error, ensuring the system runs a kernel version that contains commit 3704ac6a0d9a78f66a187515a8ca3faedaf01cc5 or later.
Disable or unload the microchip DSA driver or PTP functionality if not required, to avoid the affected code path.
Monitor kernel logs for repeated request_threaded_irq failures and verify that IRQ mapping counts remain stable following the update.

Generated by OpenCVE AI on May 9, 2026 at 01:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3704ac6a0d9a78f66a187515a8ca3faedaf01cc5
https://git.kernel.org/stable/c/6c58a9fdb0d0e1011aa02455d26d6ebea251979b
https://git.kernel.org/stable/c/99c8c16a4aad0b37293cae213e15957c573cf79b
https://git.kernel.org/stable/c/c2d1d41e0e8ec447d40a5752844fc5fb0b23db27
https://git.kernel.org/stable/c/e80fef36c676c947072dabeb5803ae59d92ba493
https://lore.kernel.org/linux-cve-announce/2026050830-CVE-2026-43372-d898@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43372
https://www.cve.org/CVERecord?id=CVE-2026-43372

History

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050830-CVE-2026-43372-d898@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43372 https://www.cve.org/CVERecord?id=CVE-2026-43372

Fri, 08 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the ksz_ptp_irq_setup()'s error path only frees the mappings that were successfully set up. Dispose the newly created mapping if the associated request_threaded_irq() fails at setup.
Title		net: dsa: microchip: Fix error path in PTP IRQ setup
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3704ac6a0d9a78f66a187515a8ca3faedaf01cc5 https://git.kernel.org/stable/c/6c58a9fdb0d0e1011aa02455d26d6ebea251979b https://git.kernel.org/stable/c/99c8c16a4aad0b37293cae213e15957c573cf79b https://git.kernel.org/stable/c/c2d1d41e0e8ec447d40a5752844fc5fb0b23db27 https://git.kernel.org/stable/c/e80fef36c676c947072dabeb5803ae59d92ba493

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:23.221Z

Updated: 2026-05-08T14:21:23.221Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43372

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:48.313

Modified: 2026-05-08T15:16:48.313

Link: CVE-2026-43372

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43372 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object