CVE-2026-43260
Awaiting Analysis Awaiting Analysis - Queue
Memory Leak in Broadcom bnxt_en Driver

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netif_running() is true to help delete RSS contexts with interface down. Having that condition will make the driver leak VNICs in FW whenever close() happens with active RSS contexts. On the subsequent open(), as part of RSS context restoration, we will end up trying to create extra VNICs for which we did not make any reservation. FW can fail this request, thereby making us lose active RSS contexts. Suppose an RSS context is deleted already and we try to process a delete request again, then the HWRM functions will check for validity of the request and they simply return if the resource is already freed. So, even for delete-when-down cases, netif_running() check is not necessary. Remove the netif_running() condition check when deleting an RSS context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43260
EUVD
EUVD-2026-27820
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux_kernel linux_kernel *
linux linux_kernel to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's bnxt_en driver related to the handling of RSS (Receive Side Scaling) context deletion. The issue arises because the driver only deletes the RSS context VNIC in firmware when the network interface is running (netif_running() is true). If the interface is down during deletion, the driver leaks VNICs in firmware. When the interface is later reopened, the driver attempts to create additional VNICs without proper reservation, which can cause firmware failures and loss of active RSS contexts.

The root cause is the conditional check on netif_running() that prevents deletion of RSS context VNICs when the interface is down. Removing this condition ensures that RSS contexts are properly deleted regardless of interface state, preventing resource leaks and related failures.


How can this vulnerability impact me? :

This vulnerability can lead to resource leaks in the firmware due to unreleased RSS context VNICs when the network interface is closed. As a result, when the interface is reopened, attempts to restore RSS contexts may fail because the firmware cannot allocate the necessary resources.

The impact includes potential loss of active RSS contexts, which can degrade network performance or cause network functionality issues related to packet processing and load distribution.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by removing the netif_running() condition check when deleting an RSS context in the bnxt_en driver of the Linux kernel.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart