CVE-2026-43295

/* * Conceptual Proof of Concept for CVE-2026-43295 * This code simulates the condition required to trigger the vulnerability. * Note: Exploiting this issue typically requires specific hardware or memory pressure. */ #include <linux/module.h> #include <linux/kernel.h> #include <linux/rio.h> void模拟漏洞触发(void) { struct rio_mport *mport; // In a real scenario, this would be called during RIO enumeration // when kzalloc for idtab fails (e.g., due to memory pressure). // Vulnerable logic simulation: // if (!idtab) // rio_free_net(net); // Incorrect for unregistered net // Fixed logic: // if (!idtab) { // kfree(net); // mport->net = NULL; // } printk(KERN_INFO "Attempting to trigger Rapidio allocation failure path\n"); } int init_module(void) { 模拟漏洞触发(); return 0; } void cleanup_module(void) { printk(KERN_INFO "Module unloaded\n"); } MODULE_LICENSE("GPL");

{"cve": {"id": "CVE-2026-43295", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-08T14:16:36.593", "lastModified": "2026-05-14T19:44:24.170", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()\n\nWhen idtab allocation fails, net is not registered with rio_add_net() yet,\nso kfree(net) is sufficient to release the memory. Set mport->net to NULL\nto avoid dangling pointer."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.10.252", "matchCriteriaId": "0DB3E8C4-EB57-44E8-940A-24E3B7666BE2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.202", "matchCriteriaId": "4002FC2B-1456-4666-B240-0EBF590C4671"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.165", "matchCriteriaId": "797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.128", "matchCriteriaId": "851E9353-6C09-4CC9-877E-E09DB164A3C2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.75", "matchCriteriaId": "BCE16369-98ED-41CF-8995-DFDC10B288D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.16", "matchCriteriaId": "B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/34a4f233df5eef5f1f113b2196142c0568b387f8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/649c2e853608cad0b0cba545555d168e67f094b3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/666183dcdd9ad3b8156a1df7f204f728f720380f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/78812c4fb7ed242d5961bf1337a49070d6487c94", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/83e579c2f7f6b1706323d744833b26470049dcc2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/87272e3e70ec4b666885bd520ff77463c11444ef", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e5a732bfe29451e16abf9c6f07ce5948b22f3d59", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/fecf292c6691970897396190855aa38826b7104e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}