CVE-2026-43373
Received - Intake
NCSI skb leak in Linux kernel

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: ncsi: fix skb leak in error paths

Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak.

Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's Network Controller Sideband Interface (NCSI) implementation. Specifically, certain error handling paths in the NCSI RX and Asynchronous Event Notification (AEN) handlers fail to release received socket buffers (skb) when errors occur.

As a result, when invalid AEN packets are received or when the NCSI device or response handlers cannot be resolved, the code returns early without freeing the allocated skb, causing a memory leak.
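The early-return leak described above, as an added user-space model (not the kernel patch and not code from this page): `struct buf` stands in for an skb, and every name, constant and validity rule below is hypothetical. The leaky handler mirrors the described shape of returning before the buffer is released; the fixed handler shows one way to route every exit through a single release point.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: struct buf stands in for an skb, live_bufs counts
 * buffers not yet released. All names here are hypothetical. */
struct buf { size_t len; unsigned char type; };
static int live_bufs;

static struct buf *buf_alloc(size_t len, unsigned char type) {
    struct buf *b = malloc(sizeof(*b));
    if (!b) abort();
    b->len = len; b->type = type;
    live_bufs++;
    return b;
}
static void buf_free(struct buf *b) { free(b); live_bufs--; }
#define MIN_LEN 4      /* constructed validity rule */
#define KNOWN_TYPE 1   /* constructed: only type with a registered handler */

/* Leaky shape: the handler owns b, but the early returns never release it. */
static int rx_leaky(struct buf *b) {
    if (b->len < MIN_LEN) return -1;        /* invalid packet: b leaked */
    if (b->type != KNOWN_TYPE) return -2;   /* no handler found: b leaked */
    buf_free(b);                            /* success path consumes b */
    return 0;
}

/* Fixed shape: every exit goes through one release point. */
static int rx_fixed(struct buf *b) {
    int ret = 0;
    if (b->len < MIN_LEN) { ret = -1; goto out; }
    if (b->type != KNOWN_TYPE) { ret = -2; goto out; }
out:
    buf_free(b);
    return ret;
}

/* Feed n invalid packets to a handler; return how many buffers stay live. */
static int leaked_after(int (*rx)(struct buf *), int n) {
    int before = live_bufs;
    for (int i = 0; i < n; i++) rx(buf_alloc(i % 2 ? 2 : 64, i % 2 ? 1 : 9));
    return live_bufs - before;
}

int main(void) {
    printf("leaky: %d live, fixed: %d live\n",
           leaked_after(rx_leaky, 100), leaked_after(rx_fixed, 100));
    return 0;
}
```

A live-object counter of this kind is also how such leaks tend to show up in testing: the count grows linearly with the number of rejected packets instead of returning to its baseline.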


How can this vulnerability impact me?

The primary impact of this vulnerability is a memory leak in the Linux kernel's NCSI handling code. Over time, repeated triggering of this flaw could cause increased memory consumption, potentially leading to degraded system performance or even system instability if memory resources are exhausted.

