CVE-2026-43375 - Vulnerability Details

- net: mctp: fix device leak on probe failure

Description

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: fix device leak on probe failure

Driver core holds a reference to the USB interface and its parent USB
device while the interface is bound to a driver and there is no need to
take additional references unless the structures are needed after
disconnect.

This driver takes a reference to the USB device during probe but does
not to release it on probe failures.

Drop the redundant device reference to fix the leak, reduce cargo
culting, make it easier to spot drivers where an extra reference is
needed, and reduce the risk of further memory leaks.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel MCTP driver holds a USB device reference during its probe process and fails to release it when the probe fails, causing a memory and resource leak. This leak can accumulate with each probe failure, leading to increased memory consumption and possible system instability over time.

Affected Systems

The flaw exists in the Linux kernel’s MCTP driver in all releases prior to the patch. Kernel versions less than the one containing the fix, regardless of release candidate, are vulnerable. No specific version numbers are listed, so any kernel assembly that shipped the unpatched driver before the update should be considered at risk.

Risk and Exploitability

The vulnerability has a CVSS score of 5.5, indicating medium severity and primarily a resource exhaustion impact. The EPSS score of <1% suggests a low likelihood of exploitation in the wild, and the flaw is not present in the CISA KEV catalog. The description does not specify an attack vector; however, the leak occurs during the MCTP probe, implying that an attacker would need local access to initiate a probe sequence. The resulting leak is non‑privilege‑escalating but may affect overall system stability if repeated probe failures occur.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0791c0327a6e4e7691d6fc5ad334c215de04dcc9`	affected	< 3224990fb16a831aabc50b67c74f5d0074ce80dd
`0791c0327a6e4e7691d6fc5ad334c215de04dcc9`	affected	< ec9538f9b5cd1db5e8c612aa636b6119b6355c5d
`0791c0327a6e4e7691d6fc5ad334c215de04dcc9`	affected	< 224a0d284c3caf1951302d1744a714784febed71

Linux

affected

Version	Status	Constraints
`6.15`	affected	—
`0`	unaffected	< 6.15
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0791c0327a6e4e7691d6fc5ad334c215de04dcc9,3224990fb16a831aabc50b67c74f5d0074ce80dd)`	affected	code_commit	—
`[0791c0327a6e4e7691d6fc5ad334c215de04dcc9,ec9538f9b5cd1db5e8c612aa636b6119b6355c5d)`	affected	code_commit	—
`[0791c0327a6e4e7691d6fc5ad334c215de04dcc9,224a0d284c3caf1951302d1744a714784febed71)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.15`	affected	generic	—
`[0,6.15)`	unaffected	generic	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that includes the fixed MCTP driver or install the patch as distributed by the vendor.
If an update is not immediately available, unload or blacklist the mctp kernel module to stop the probe routine from executing.
Monitor system memory usage and kernel logs for signs of repeated MCTP probe failures, and address any hardware or configuration issues that cause them.

Generated by OpenCVE AI on May 15, 2026 at 17:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/224a0d284c3caf1951302d1744a714784febed71
https://git.kernel.org/stable/c/3224990fb16a831aabc50b67c74f5d0074ce80dd
https://git.kernel.org/stable/c/ec9538f9b5cd1db5e8c612aa636b6119b6355c5d
https://lore.kernel.org/linux-cve-announce/2026050831-CVE-2026-43375-394d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43375
https://www.cve.org/CVERecord?id=CVE-2026-43375

History

Fri, 15 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 04:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-404

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026050831-CVE-2026-43375-394d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43375 https://www.cve.org/CVERecord?id=CVE-2026-43375

Fri, 08 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-404

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect. This driver takes a reference to the USB device during probe but does not to release it on probe failures. Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.
Title		net: mctp: fix device leak on probe failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/224a0d284c3caf1951302d1744a714784febed71 https://git.kernel.org/stable/c/3224990fb16a831aabc50b67c74f5d0074ce80dd https://git.kernel.org/stable/c/ec9538f9b5cd1db5e8c612aa636b6119b6355c5d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:25.193Z

Updated: 2026-05-11T22:23:22.359Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43375

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T15:16:48.650

Modified: 2026-05-15T15:16:08.877

Link: CVE-2026-43375

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43375 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T17:30:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object