Description
In the Linux kernel, the following vulnerability has been resolved:

net: spacemit: Fix error handling in emac_tx_mem_map()

The DMA mappings were leaked on mapping error. Free them with the
existing emac_free_tx_buf() function.
Published: 2026-05-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A malfunction in the Spacemit Ethernet driver causes DMA mappings for transmission buffers to remain alive when an error occurs during emac_tx_mem_map(). The failure to free the mappings results in a resource leak. Based on the description, it is inferred that an attacker could potentially observe the kernel's DMA memory allocation pattern. This flaw stems from improper resource management, mapping to CWE‑763.

Affected Systems

The Linux kernel's Spacemit Ethernet driver is affected. Any kernel version that includes this driver is potentially impacted; no specific version ranges are provided.

Risk and Exploitability

The EPSS score is below 1%, indicating that exploitation is unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves crafting network traffic to trigger the mapping error on the Spacemit interface, leading to a leak of DMA memory addresses. The CVSS score of 7.5 classifies this flaw as a high severity vulnerability.

Generated by OpenCVE AI on May 20, 2026 at 19:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the patch identified by commit 86292155bea578ebab0ca3b65d4d87ecd8a0e9ea.
  • If an update cannot be applied immediately, disable the Spacemit Ethernet interface or unload the driver to prevent mapping errors.
  • Monitor kernel logs for the specific mapping error and apply the patch as soon as it becomes available.

Generated by OpenCVE AI on May 20, 2026 at 19:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*

Mon, 11 May 2026 07:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Sat, 09 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-401

Sat, 09 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 08 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-401

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing emac_free_tx_buf() function.
Title net: spacemit: Fix error handling in emac_tx_mem_map()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:25:04.358Z

Reserved: 2026-05-01T14:12:56.010Z

Link: CVE-2026-43462

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T15:16:59.080

Modified: 2026-05-20T18:40:51.467

Link: CVE-2026-43462

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43462 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T20:00:12Z

Weaknesses