CVE-2026-43034
Buffer Overflow in Broadcom bnxt_en Linux Kernel Driver
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability involves improper handling of backing store type indexing in the Linux kernel's bnxt_en driver. Incorrect indexing could potentially lead to unexpected behavior or memory corruption within the kernel module handling network functions.
Such issues might cause system instability, crashes, or could be exploited to affect kernel integrity, which in turn could impact system security and reliability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the bnxt_en driver, specifically in the function bnxt_hwrm_func_backing_store_qcaps_v2(). The issue arises because the function stores a type value from the firmware response and later uses this value to index fixed backing-store metadata arrays. The vulnerability is due to relying on the firmware response's type value (resp->type) instead of using the current backing-store query type, which can lead to incorrect indexing.
The fix involves setting the type value from the current loop variable rather than the firmware response, ensuring that the type matches the array index correctly. Additionally, the loop was updated to advance the type from the next_valid_type, simplifying control flow and preventing invalid or unchanged entries from causing issues.