Description
In the Linux kernel, the following vulnerability has been resolved:

net: mctp: fix device leak on probe failure

Driver core holds a reference to the USB interface and its parent USB
device while the interface is bound to a driver and there is no need to
take additional references unless the structures are needed after
disconnect.

This driver takes a reference to the USB device during probe but does
not release it on probe failures.

Drop the redundant device reference to fix the leak, reduce cargo
culting, make it easier to spot drivers where an extra reference is
needed, and reduce the risk of further memory leaks.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel the MCTP driver retains an unnecessary reference to a USB device during the probe routine and fails to release it on probe failure. The result is a resource leak that can gradually accumulate until memory pressure causes system instability. The weakness corresponds to missing resource recovery and logical error. The vulnerability does not provide direct code execution but can degrade system reliability and availability over time.

Affected Systems

The flaw exists in the Linux kernel's MCTP driver, affecting all kernel releases that include the buggy driver prior to the published fix. The vendor is the Linux kernel project and the affected product is the Linux kernel itself. No exact version numbers are supplied, so any kernel version before the patch should be treated as vulnerable.

Risk and Exploitability

The risk of exploitation is moderate because the leak can lead to memory exhaustion. Because it is a kernel-level driver, the attack vector is local; a local user with the ability to probe MCTP devices could trigger the leak repeatedly. There is no evidence of remote exploitation or elevated privileges being required beyond local access. The EPSS score is not available and the vulnerability is not listed in CISA KEV. The CVSS score is not provided, but the impact is limited to resource depletion rather than immediate confidentiality or integrity compromise.

Generated by OpenCVE AI on May 9, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the fixed MCTP driver
  • If an update is not immediately possible, disable the MCTP driver to prevent further probe failures from leaking resources
  • Monitor kernel logs and memory usage for repeated MCTP probe failures and signs of memory exhaustion

Advisories

No advisories yet.

History

Sat, 09 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect. This driver takes a reference to the USB device during probe but does not release it on probe failures. Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.
Title net: mctp: fix device leak on probe failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:25.193Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43375

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:48.650

Modified: 2026-05-08T15:16:48.650

Link: CVE-2026-43375

Redhat

Severity :

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43375 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T05:30:16Z

Weaknesses