CVE-2026-43373 - Vulnerability Details

- net: ncsi: fix skb leak in error paths

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ncsi: fix skb leak in error paths

Early return paths in NCSI RX and AEN handlers fail to release
the received skb, resulting in a memory leak.

Specifically, ncsi_aen_handler() returns on invalid AEN packets
without consuming the skb. Similarly, ncsi_rcv_rsp() exits early
when failing to resolve the NCSI device, response handler, or
request, leaving the skb unfreed.

Published: 2026-05-08

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s NCSI driver contains a flaw where certain error-handling paths in the NCSI RX and AEN handlers return prematurely without freeing the socket buffer (skb) that holds incoming packets, resulting in a memory leak. This defect, classified as CWE-401, can consume kernel address space over time and potentially trigger a denial of service by exhausting available memory. The vulnerability does not expose confidential data directly; its impact lies in system stability and availability degradation.

Affected Systems

All Linux kernel builds that compile the NCSI driver are affected. The issue resides in the core driver code, so any kernel that includes the NCSI subsystem without the recent patch can be vulnerable. Administrators should verify whether their kernel originates from the mainline and whether the NCSI module is enabled.

Risk and Exploitability

The CVSS score is 7.5 and the EPSS score is <1%, indicating a high severity but low exploitation probability. The vulnerability is not listed in CISA KEV, indicating no known active exploits. Based on the description, it is inferred that an attacker would need to trigger the early‑return paths by sending malformed or invalid NCSI packets to the target system. If the attacker has local or privileged access, they can repeatedly generate such traffic, gradually exhausting kernel memory. A remote attacker would need the ability to send raw NCSI traffic to the target, which is less common but still possible on exposed interfaces. The longer the flaw remains unpatched, the greater the likelihood that uncontrolled memory consumption will lead to system instability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 9891d7f4f1ede473c54b49776ae07755083eef06
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< fef5aa6e3bcf3c8053307642663a63b7362d7552
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 59962588197863d0d746879f193905c0c6b3df49
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 553366c271479c0d571dd1bb5d1bcde4747fb82e
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< b70c4e5e711931cdd56e6e905737b72f1e649189
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 87138dde2d6937b12b967f28fe598a7d59000ae4
`138635cc27c9737f940c3aa80912ff7a61c825af`	affected	< 5c3398a54266541610c8d0a7082e654e9ff3e259

Linux

affected

Version	Status	Constraints
`4.8`	affected	—
`0`	unaffected	< 4.8
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[138635cc27c9737f940c3aa80912ff7a61c825af,9891d7f4f1ede473c54b49776ae07755083eef06)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,fef5aa6e3bcf3c8053307642663a63b7362d7552)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,59962588197863d0d746879f193905c0c6b3df49)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,553366c271479c0d571dd1bb5d1bcde4747fb82e)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,b70c4e5e711931cdd56e6e905737b72f1e649189)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,87138dde2d6937b12b967f28fe598a7d59000ae4)`	affected	code_commit	—
`[138635cc27c9737f940c3aa80912ff7a61c825af,5c3398a54266541610c8d0a7082e654e9ff3e259)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.8`	affected	generic	—
`[0,4.8)`	unaffected	generic	—
`[5.10.253,5.11.0)`	unaffected	semver	—
`[5.15.203,5.16.0)`	unaffected	semver	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that incorporates the NCSI skb leak fix
If upgrading immediately is not possible, disable the NCSI driver by removing or blacklisting the module from the system
Continuously monitor kernel memory consumption for abnormal growth patterns as an early indicator of a leak in the NCSI subsystem

Generated by OpenCVE AI on May 15, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/553366c271479c0d571dd1bb5d1bcde4747fb82e
https://git.kernel.org/stable/c/59962588197863d0d746879f193905c0c6b3df49
https://git.kernel.org/stable/c/5c3398a54266541610c8d0a7082e654e9ff3e259
https://git.kernel.org/stable/c/81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a
https://git.kernel.org/stable/c/87138dde2d6937b12b967f28fe598a7d59000ae4
https://git.kernel.org/stable/c/9891d7f4f1ede473c54b49776ae07755083eef06
https://git.kernel.org/stable/c/b70c4e5e711931cdd56e6e905737b72f1e649189
https://git.kernel.org/stable/c/fef5aa6e3bcf3c8053307642663a63b7362d7552
https://lore.kernel.org/linux-cve-announce/2026050830-CVE-2026-43373-2e8a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43373
https://www.cve.org/CVERecord?id=CVE-2026-43373

History

Fri, 15 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::

Mon, 11 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050830-CVE-2026-43373-2e8a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43373 https://www.cve.org/CVERecord?id=CVE-2026-43373
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 08 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed.
Title		net: ncsi: fix skb leak in error paths
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/553366c271479c0d571dd1bb5d1bcde4747fb82e https://git.kernel.org/stable/c/59962588197863d0d746879f193905c0c6b3df49 https://git.kernel.org/stable/c/5c3398a54266541610c8d0a7082e654e9ff3e259 https://git.kernel.org/stable/c/81d6aee32f8f7bbc175c05dbf61f4430bfb88c4a https://git.kernel.org/stable/c/87138dde2d6937b12b967f28fe598a7d59000ae4 https://git.kernel.org/stable/c/9891d7f4f1ede473c54b49776ae07755083eef06 https://git.kernel.org/stable/c/b70c4e5e711931cdd56e6e905737b72f1e649189 https://git.kernel.org/stable/c/fef5aa6e3bcf3c8053307642663a63b7362d7552

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:23.875Z

Updated: 2026-05-11T22:23:20.054Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43373

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T15:16:48.423

Modified: 2026-05-15T15:16:52.813

Link: CVE-2026-43373

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43373 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T17:00:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object