CVE-2026-43260

Name: CVE-2026-43260
Creator: NVD / NIST
Published: 2026-05-06T12:16:46.883+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2026-43260 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netif_running() is true to help delete RSS contexts with interface down. Having that condition will make the driver leak VNICs in FW whenever close() happens with active RSS contexts. On the subsequent open(), as part of RSS context restoration, we will end up trying to create extra VNICs for which we did not make any reservation. FW can fail this request, thereby making us lose active RSS contexts. Suppose an RSS context is deleted already and we try to process a delete request again, then the HWRM functions will check for validity of the request and they simply return if the resource is already freed. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netif_running() is true to help delete RSS contexts with interface down. Having that condition will make the driver leak VNICs in FW whenever close() happens with active RSS contexts. On the subsequent open(), as part of RSS context restoration, we will end up trying to create extra VNICs for which we did not make any reservation. FW can fail this request, thereby making us lose active RSS contexts. Suppose an RSS context is deleted already and we try to process a delete request again, then the HWRM functions will check for validity of the request and they simply return if the resource is already freed. So, even for delete-when-down cases, netif_running() check is not necessary. Remove the netif_running() condition check when deleting an RSS context.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.14%

3.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-415

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	>= 6.11, < 6.12.75	—
Linux	Linux Kernel	>= 6.13, < 6.18.16	—
Linux	Linux Kernel	>= 6.19, < 6.19.6	—
Linux	Linux Kernel	7.0	Rc1

References

Timeline

Published: May 6, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-43260?

How severe is CVE-2026-43260?

CVE-2026-43260 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2026-43260?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-43260?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST