bnxt_en: Fix RSS context delete logic
Summary
| CVE | CVE-2026-43260 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-06 12:16:46 UTC |
| Updated | 2026-05-08 20:31:55 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netif_running() is true to help delete RSS contexts with interface down. Having that condition will make the driver leak VNICs in FW whenever close() happens with active RSS contexts. On the subsequent open(), as part of RSS context restoration, we will end up trying to create extra VNICs for which we did not make any reservation. FW can fail this request, thereby making us lose active RSS contexts. Suppose an RSS context is deleted already and we try to process a delete request again, then the HWRM functions will check for validity of the request and they simply return if the resource is already freed. So, even for delete-when-down cases, netif_running() check is not necessary. Remove the netif_running() condition check when deleting an RSS context. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-415
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 348a5f8d06c7bdf954e13c17ad5f80b59a075604 git | Not specified |
| CNA | Linux | Linux | affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 079986d6db1f8e3d50c55f400cf998ac9690d2c8 git | Not specified |
| CNA | Linux | Linux | affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 9a9b89eea4a9cc7726702946ff688d716962fabd git | Not specified |
| CNA | Linux | Linux | affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 e123d9302d223767bd910bfbcfe607bae909f8ac git | Not specified |
| CNA | Linux | Linux | affected 6.11 | Not specified |
| CNA | Linux | Linux | unaffected 6.11 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.75 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.16 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.6 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/079986d6db1f8e3d50c55f400cf998ac9690d2c8 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/9a9b89eea4a9cc7726702946ff688d716962fabd | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/348a5f8d06c7bdf954e13c17ad5f80b59a075604 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/e123d9302d223767bd910bfbcfe607bae909f8ac | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.