CVE-2026-43372
Memory Corruption in Linux Kernel PTP Subsystem
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| microchip | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's network subsystem, specifically in the Distributed Switch Architecture (DSA) driver for Microchip devices. The issue occurs during the setup of the Precision Time Protocol (PTP) interrupt request (IRQ). If the function request_threaded_irq() fails while setting up the PTP message IRQ, the newly created IRQ mapping is not properly disposed of. This happens because the error handling path in the ksz_ptp_irq_setup() function only frees mappings that were successfully set up, leaving the failed mapping allocated and potentially causing resource leaks.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily related to resource management within the Linux kernel. If the IRQ mapping is not properly disposed of after a failure, it could lead to resource leaks, which might degrade system stability or performance over time. While it does not directly indicate a security breach such as privilege escalation or data exposure, improper resource cleanup can cause system instability or unexpected behavior in network time synchronization features.