CVE-2026-43462 - Vulnerability Details

- net: spacemit: Fix error handling in emac_tx_mem_map()

Description

In the Linux kernel, the following vulnerability has been resolved:

net: spacemit: Fix error handling in emac_tx_mem_map()

The DMA mappings were leaked on mapping error. Free them with the
existing emac_free_tx_buf() function.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A malfunction in the Spacemit Ethernet driver causes DMA mappings for transmission buffers to remain alive when an error occurs during emac_tx_mem_map(). The failure to free the mappings leaks DMA memory addresses that can expose the layout of kernel memory. This flaw stems from improper resource management, mapping to CWE‑763.

Affected Systems

The Linux kernel's Spacemit Ethernet driver is affected. Any kernel version that includes this driver is potentially impacted; no specific version ranges are provided.

Risk and Exploitability

The EPSS score is below 1 %, indicating that exploitation is unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves crafting network traffic to trigger the mapping error on the Spacemit interface, leading to the leak of DMA information. No CVSS score is available; severity is considered low to medium based on the available data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`bfec6d7f2001c7470c3cd261ae65a3ba8737f226`	affected	< c34ebd7b24ea70be3c6fdb6936f79f593f37df60
`bfec6d7f2001c7470c3cd261ae65a3ba8737f226`	affected	< edeaba385318f60ec1b32470da4d5eb800294d16
`bfec6d7f2001c7470c3cd261ae65a3ba8737f226`	affected	< 86292155bea578ebab0ca3b65d4d87ecd8a0e9ea

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[bfec6d7f2001c7470c3cd261ae65a3ba8737f226,c34ebd7b24ea70be3c6fdb6936f79f593f37df60)`	affected	code_commit	—
`[bfec6d7f2001c7470c3cd261ae65a3ba8737f226,edeaba385318f60ec1b32470da4d5eb800294d16)`	affected	code_commit	—
`[bfec6d7f2001c7470c3cd261ae65a3ba8737f226,86292155bea578ebab0ca3b65d4d87ecd8a0e9ea)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	semver	—
`[0,6.18)`	unaffected	semver	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that includes the patch identified by commit 86292155bea578ebab0ca3b65d4d87ecd8a0e9ea.
If an update cannot be applied immediately, disable the Spacemit Ethernet interface or unload the driver to prevent mapping errors.
Monitor kernel logs for the specific mapping error and apply the patch as soon as it becomes available.

Generated by OpenCVE AI on May 9, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/86292155bea578ebab0ca3b65d4d87ecd8a0e9ea
https://git.kernel.org/stable/c/c34ebd7b24ea70be3c6fdb6936f79f593f37df60
https://git.kernel.org/stable/c/edeaba385318f60ec1b32470da4d5eb800294d16
https://lore.kernel.org/linux-cve-announce/2026050801-CVE-2026-43462-aca6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43462
https://www.cve.org/CVERecord?id=CVE-2026-43462

History

Sat, 09 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200 CWE-401

Sat, 09 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-763
References		https://lore.kernel.org/linux-cve-announce/2026050801-CVE-2026-43462-aca6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43462 https://www.cve.org/CVERecord?id=CVE-2026-43462
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 08 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200 CWE-401

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing emac_free_tx_buf() function.
Title		net: spacemit: Fix error handling in emac_tx_mem_map()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/86292155bea578ebab0ca3b65d4d87ecd8a0e9ea https://git.kernel.org/stable/c/c34ebd7b24ea70be3c6fdb6936f79f593f37df60 https://git.kernel.org/stable/c/edeaba385318f60ec1b32470da4d5eb800294d16

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:22:24.686Z

Updated: 2026-05-08T14:22:24.686Z

Reserved: 2026-05-01T14:12:56.010Z

Link: CVE-2026-43462

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:59.080

Modified: 2026-05-08T15:16:59.080

Link: CVE-2026-43462

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43462 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T17:30:38Z

Weaknesses

CWE-763

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object