{"api_version":"1","generated_at":"2026-05-12T22:08:38+00:00","cve":"CVE-2026-43260","urls":{"html":"https://cve.report/CVE-2026-43260","api":"https://cve.report/api/cve/CVE-2026-43260.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43260","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43260"},"summary":{"title":"bnxt_en: Fix RSS context delete logic","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RSS context delete logic\n\nWe need to free the corresponding RSS context VNIC\nin FW everytime an RSS context is deleted in driver.\nCommit 667ac333dbb7 added a check to delete the VNIC\nin FW only when netif_running() is true to help delete\nRSS contexts with interface down.\n\nHaving that condition will make the driver leak VNICs\nin FW whenever close() happens with active RSS contexts.\nOn the subsequent open(), as part of RSS context restoration,\nwe will end up trying to create extra VNICs for which we\ndid not make any reservation. FW can fail this request,\nthereby making us lose active RSS contexts.\n\nSuppose an RSS context is deleted already and we try to\nprocess a delete request again, then the HWRM functions\nwill check for validity of the request and they simply\nreturn if the resource is already freed. So, even for\ndelete-when-down cases, netif_running() check is not\nnecessary.\n\nRemove the netif_running() condition check when deleting\nan RSS context.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-06 12:16:46","updated_at":"2026-05-08 20:31:55"},"problem_types":["CWE-415"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/079986d6db1f8e3d50c55f400cf998ac9690d2c8","name":"https://git.kernel.org/stable/c/079986d6db1f8e3d50c55f400cf998ac9690d2c8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9a9b89eea4a9cc7726702946ff688d716962fabd","name":"https://git.kernel.org/stable/c/9a9b89eea4a9cc7726702946ff688d716962fabd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/348a5f8d06c7bdf954e13c17ad5f80b59a075604","name":"https://git.kernel.org/stable/c/348a5f8d06c7bdf954e13c17ad5f80b59a075604","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e123d9302d223767bd910bfbcfe607bae909f8ac","name":"https://git.kernel.org/stable/c/e123d9302d223767bd910bfbcfe607bae909f8ac","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43260","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43260","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 348a5f8d06c7bdf954e13c17ad5f80b59a075604 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 079986d6db1f8e3d50c55f400cf998ac9690d2c8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 9a9b89eea4a9cc7726702946ff688d716962fabd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 667ac333dbb7e265b3f5bc4bc94e236f64682c86 e123d9302d223767bd910bfbcfe607bae909f8ac git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.11","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.11 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.75 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.16 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.6 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"43260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"348a5f8d06c7bdf954e13c17ad5f80b59a075604","status":"affected","version":"667ac333dbb7e265b3f5bc4bc94e236f64682c86","versionType":"git"},{"lessThan":"079986d6db1f8e3d50c55f400cf998ac9690d2c8","status":"affected","version":"667ac333dbb7e265b3f5bc4bc94e236f64682c86","versionType":"git"},{"lessThan":"9a9b89eea4a9cc7726702946ff688d716962fabd","status":"affected","version":"667ac333dbb7e265b3f5bc4bc94e236f64682c86","versionType":"git"},{"lessThan":"e123d9302d223767bd910bfbcfe607bae909f8ac","status":"affected","version":"667ac333dbb7e265b3f5bc4bc94e236f64682c86","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/ethernet/broadcom/bnxt/bnxt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.11"},{"lessThan":"6.11","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.75","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.16","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.6","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.75","versionStartIncluding":"6.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.16","versionStartIncluding":"6.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.6","versionStartIncluding":"6.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.11","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RSS context delete logic\n\nWe need to free the corresponding RSS context VNIC\nin FW everytime an RSS context is deleted in driver.\nCommit 667ac333dbb7 added a check to delete the VNIC\nin FW only when netif_running() is true to help delete\nRSS contexts with interface down.\n\nHaving that condition will make the driver leak VNICs\nin FW whenever close() happens with active RSS contexts.\nOn the subsequent open(), as part of RSS context restoration,\nwe will end up trying to create extra VNICs for which we\ndid not make any reservation. FW can fail this request,\nthereby making us lose active RSS contexts.\n\nSuppose an RSS context is deleted already and we try to\nprocess a delete request again, then the HWRM functions\nwill check for validity of the request and they simply\nreturn if the resource is already freed. So, even for\ndelete-when-down cases, netif_running() check is not\nnecessary.\n\nRemove the netif_running() condition check when deleting\nan RSS context."}],"providerMetadata":{"dateUpdated":"2026-05-06T11:28:48.113Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/348a5f8d06c7bdf954e13c17ad5f80b59a075604"},{"url":"https://git.kernel.org/stable/c/079986d6db1f8e3d50c55f400cf998ac9690d2c8"},{"url":"https://git.kernel.org/stable/c/9a9b89eea4a9cc7726702946ff688d716962fabd"},{"url":"https://git.kernel.org/stable/c/e123d9302d223767bd910bfbcfe607bae909f8ac"}],"title":"bnxt_en: Fix RSS context delete logic","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43260","datePublished":"2026-05-06T11:28:48.113Z","dateReserved":"2026-05-01T14:12:55.997Z","dateUpdated":"2026-05-06T11:28:48.113Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-06 12:16:46","lastModifiedDate":"2026-05-08 20:31:55","problem_types":["CWE-415"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43260","Ordinal":"1","Title":"bnxt_en: Fix RSS context delete logic","CVE":"CVE-2026-43260","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43260","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RSS context delete logic\n\nWe need to free the corresponding RSS context VNIC\nin FW everytime an RSS context is deleted in driver.\nCommit 667ac333dbb7 added a check to delete the VNIC\nin FW only when netif_running() is true to help delete\nRSS contexts with interface down.\n\nHaving that condition will make the driver leak VNICs\nin FW whenever close() happens with active RSS contexts.\nOn the subsequent open(), as part of RSS context restoration,\nwe will end up trying to create extra VNICs for which we\ndid not make any reservation. FW can fail this request,\nthereby making us lose active RSS contexts.\n\nSuppose an RSS context is deleted already and we try to\nprocess a delete request again, then the HWRM functions\nwill check for validity of the request and they simply\nreturn if the resource is already freed. So, even for\ndelete-when-down cases, netif_running() check is not\nnecessary.\n\nRemove the netif_running() condition check when deleting\nan RSS context.","Type":"Description","Title":"bnxt_en: Fix RSS context delete logic"}]}}}