CVE-2026-43345
Buffer Overflow in Linux Kernel IPA Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | From 5.0 (inc) |
| linux | kernel | From 5.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's IPA (IP Accelerator) component for versions 5.0 and above. The issue is that the event ring index field is programmed incorrectly. In IPA v5.0+ this field was moved from one register context (CH_C_CNTXT_0) to another (CH_C_CNTXT_1), but the code mistakenly used the old field identifier (ERINDEX) instead of the correct one (CH_ERINDEX).
Because of this mistake, the event ring was never properly set up, causing GSI channels to fail to signal transfer completions. This leads to the function gsi_channel_trans_quiesce() blocking indefinitely, which in turn causes runtime suspend, system suspend, and remote processor stop operations to hang forever. Essentially, the IPA data path becomes completely non-functional.
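The field mix-up described above can be modelled in a few lines of C. This is an added illustration, not code from the kernel or from the original page: the bit positions, helper names and the rule that a field the register does not define encodes to zero are assumptions; only ERINDEX, CH_ERINDEX and CH_C_CNTXT_1 come from the description.

```c
#include <stdint.h>
#include <stdio.h>

/* Field identifiers named in the description; bit positions are constructed. */
enum field_id { ERINDEX, CH_ERINDEX, FIELD_COUNT };

/* One register layout: a mask per field, 0 meaning "not in this register". */
struct reg_layout {
    const char *name;
    uint32_t fmask[FIELD_COUNT];
};

/* Modelled v5.0+ layout: the event ring index lives in CH_C_CNTXT_1. */
static const struct reg_layout ch_c_cntxt_1 = {
    "CH_C_CNTXT_1", { [CH_ERINDEX] = 0x00ff0000u }
};

static unsigned int field_shift(uint32_t mask)
{
    unsigned int shift = 0;
    while (!((mask >> shift) & 1u))
        shift++;
    return shift;
}

/* Assumption: a field the register does not define contributes no bits. */
static uint32_t encode_field(const struct reg_layout *reg, enum field_id id, uint32_t val)
{
    uint32_t mask = reg->fmask[id];
    if (!mask)
        return 0;
    val <<= field_shift(mask);
    return (val & ~mask) ? 0 : val; /* reject values wider than the field */
}

/* Defect as described: old identifier used against the new register. */
uint32_t cntxt_1_buggy(uint32_t ring) { return encode_field(&ch_c_cntxt_1, ERINDEX, ring); }
/* Corrected: identifier that CH_C_CNTXT_1 actually defines. */
uint32_t cntxt_1_fixed(uint32_t ring) { return encode_field(&ch_c_cntxt_1, CH_ERINDEX, ring); }
/* What the modelled hardware would read back as the event ring index. */
uint32_t ring_read_back(uint32_t regval)
{
    uint32_t mask = ch_c_cntxt_1.fmask[CH_ERINDEX];
    return (regval & mask) >> field_shift(mask);
}

int main(void)
{
    printf("%s buggy=0x%08x fixed=0x%08x\n", ch_c_cntxt_1.name,
           (unsigned)cntxt_1_buggy(5), (unsigned)cntxt_1_fixed(5));
    return 0;
}
```

In this model the buggy path writes a register value with no event ring bits set, so the channel is never associated with ring 5 and no completion can be signalled for it.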
How can this vulnerability impact me?
The impact of this vulnerability is that certain system operations such as runtime suspend, system suspend, and remote processor stop can hang indefinitely. This means that devices relying on the IPA data path may experience system freezes or failures during these operations.
Additionally, since the IPA data path becomes completely non-functional, any network or data transfer tasks relying on this path could fail, potentially leading to degraded system performance or loss of functionality.