CVE-2026-43034
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in Broadcom bnxt_en Linux Kernel Driver

Publication date: 2026-05-01

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata arrays such as ctx_arr[] and bnxt_bstore_to_trace[]. ctxm->type is fixed by the current backing-store query type and matches the array index of ctx->ctx_arr. Set ctxm->type from the current loop variable instead of depending on resp->type. Also update the loop to advance type from next_valid_type in the for statement, which keeps the control flow simpler for non-valid and unchanged entries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43034
EUVD
EUVD-2026-26633
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.8 (inc) to 6.18.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the bnxt_en driver, specifically in the function bnxt_hwrm_func_backing_store_qcaps_v2(). The issue arises because the function stores a type value from the firmware response and later uses this value to index fixed backing-store metadata arrays. The vulnerability is due to relying on the firmware response's type value (resp->type) instead of using the current backing-store query type, which can lead to incorrect indexing.

The fix involves setting the type value from the current loop variable rather than the firmware response, ensuring that the type matches the array index correctly. Additionally, the loop was updated to advance the type from the next_valid_type, simplifying control flow and preventing invalid or unchanged entries from causing issues.

Impact Analysis

This vulnerability involves improper handling of backing store type indexing in the Linux kernel's bnxt_en driver. Incorrect indexing could potentially lead to unexpected behavior or memory corruption within the kernel module handling network functions.

Such issues might cause system instability, crashes, or could be exploited to affect kernel integrity, which in turn could impact system security and reliability.

Compliance Impact

There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43034. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart