CVE-2026-43219
Modified Modified - Updated After Analysis
Kernel Netdev Unregister Flaw in Linux CPSW Driver

Publication date: 2026-05-06

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet If an error occurs during register_netdev() for the first MAC in cpsw_register_ports(), even though cpsw->slaves[0].ndev is set to NULL, cpsw->slaves[1].ndev would remain unchanged. This could later cause cpsw_unregister_ports() to attempt unregistering the second MAC. To address this, add a check for ndev->reg_state before calling unregister_netdev(). With this change, setting cpsw->slaves[i].ndev to NULL becomes unnecessary and can be removed accordingly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-06-09
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43219
EUVD
EUVD-2026-27781
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux kernel *
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's network driver code related to the cpsw (Ethernet switch) component. Specifically, if an error occurs during the registration of the first MAC device in cpsw_register_ports(), the code does not properly clear the state of the second MAC device. As a result, when cpsw_unregister_ports() is later called, it may attempt to unregister the second MAC device even though it was never properly registered. This can lead to incorrect behavior or potential errors during device unregistration.

The fix involves adding a check for the registration state (reg_state) of the network device before attempting to unregister it, preventing the unregistration of devices that were never registered.

Impact Analysis

This vulnerability could cause the Linux kernel to attempt to unregister network devices that were never properly registered, potentially leading to system instability or unexpected errors in network device management. While the description does not specify direct security impacts such as privilege escalation or data leakage, improper handling of network device states could affect network functionality or reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart