Description
In the Linux kernel, the following vulnerability has been resolved:

mctp: i2c: fix skb memory leak in receive path

When 'midev->allow_rx' is false, the newly allocated skb isn't consumed
by netif_rx(), it needs to free the skb directly.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel mod mctp/i2c contains a flaw where a newly allocated socket buffer is never freed when ‘midev->allow_rx’ is set to false. This causes a cumulative memory leak that can deplete kernel memory, potentially bringing the system to a halt. The defect does not directly expose information or facilitate code execution, but it can serve as a denial‑of‑service vector by exhausting critical system resources.

Affected Systems

All Linux kernel builds that include the mctp i2c driver before the patch, such as the default kernel shipped with most mainstream distributions. No specific vendor or version list is provided, so any system running an affected kernel version requires remediation.

Risk and Exploitability

Based on the description, it is inferred that the vulnerability is local; an attacker must be able to interface with the kernel’s mctp/i2c subsystem or inject traffic that triggers the receive path while ‘allow_rx’ is disabled. Although standard kernel access controls prevent arbitrary packet injection from user space, a compromised privileged process or a malicious I2C device could prove the condition. The EPSS score is < 1%, and the issue is not listed in KEV, but the potential for memory exhaustion makes the risk significant. Immediate patching is advised to eliminate the leak.

Generated by OpenCVE AI on May 9, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a revision that includes the fix described in the referenced commits.
  • Ensure that the mctp driver configuration remains required only when necessary and that ‘allow_rx’ is set appropriately in any custom builds.
  • If an immediate kernel upgrade is not possible, disable the mctp driver or limit I2C traffic to avoid repeated receive attempts.

Generated by OpenCVE AI on May 9, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 09 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Fri, 08 May 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_rx(), it needs to free the skb directly.
Title mctp: i2c: fix skb memory leak in receive path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:22:20.725Z

Reserved: 2026-05-01T14:12:56.010Z

Link: CVE-2026-43457

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:58.517

Modified: 2026-05-08T15:16:58.517

Link: CVE-2026-43457

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43457 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T16:30:37Z

Weaknesses