CVE-2026-43373
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1
7.5
Description
In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 138635cc27c9737f940c3aa80912ff7a61c825af - < 9891d7f4f1ede473c54b49776ae07755083eef06affected 138635cc27c9737f940c3aa80912ff7a61c825af - < fef5aa6e3bcf3c8053307642663a63b7362d7552affected 138635cc27c9737f940c3aa80912ff7a61c825af - < 81d6aee32f8f7bbc175c05dbf61f4430bfb88c4aaffected 138635cc27c9737f940c3aa80912ff7a61c825af - < 59962588197863d0d746879f193905c0c6b3df49affected 138635cc27c9737f940c3aa80912ff7a61c825af - < 553366c271479c0d571dd1bb5d1bcde4747fb82e+3 more versions |
Linux | Linux | affected 4.8unaffected 0 - < 4.8unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now