CVE-2026-43034
Awaiting Analysis Awaiting Analysis - Queue

Buffer Overflow in Broadcom bnxt_en Linux Kernel Driver

Vulnerability report for CVE-2026-43034, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-01

Last updated on: 2026-05-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata arrays such as ctx_arr[] and bnxt_bstore_to_trace[]. ctxm->type is fixed by the current backing-store query type and matches the array index of ctx->ctx_arr. Set ctxm->type from the current loop variable instead of depending on resp->type. Also update the loop to advance type from next_valid_type in the for statement, which keeps the control flow simpler for non-valid and unchanged entries.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-01
Last Modified
2026-05-08
Generated
2026-07-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.8 (inc) to 6.18.22 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the bnxt_en driver, specifically in the function bnxt_hwrm_func_backing_store_qcaps_v2(). The issue arises because the function stores a type value from the firmware response and later uses this value to index fixed backing-store metadata arrays. The vulnerability is due to relying on the firmware response's type value (resp->type) instead of using the current backing-store query type, which can lead to incorrect indexing.

The fix involves setting the type value from the current loop variable rather than the firmware response, ensuring that the type matches the array index correctly. Additionally, the loop was updated to advance the type from the next_valid_type, simplifying control flow and preventing invalid or unchanged entries from causing issues.

Impact Analysis

This vulnerability involves improper handling of backing store type indexing in the Linux kernel's bnxt_en driver. Incorrect indexing could potentially lead to unexpected behavior or memory corruption within the kernel module handling network functions.

Such issues might cause system instability, crashes, or could be exploited to affect kernel integrity, which in turn could impact system security and reliability.

Compliance Impact

There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43034. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart