CVE-2026-43208

CRITICAL EPSS 37.9%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flow_id in set_rps_cpu(), do not assume we can use the value computed by get_rps_cpu(). Otherwise we risk out-of-bound access and/or crashes.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
37.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.18  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/5455a232edea6b946b99449f15ca771a8874a5a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a8a9fac9efa6423fd74938b940cb7d731780718
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed712dc0d64dee5f0d05e4d8ca57711f8a9c850c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5455a232edea6b946b99449f15ca771a8874a5a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a8a9fac9efa6423fd74938b940cb7d731780718
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed712dc0d64dee5f0d05e4d8ca57711f8a9c850c
    Patch