CVE-2026-43296

/* * PoC / Workaround Code for CVE-2026-43296 * This code demonstrates the register manipulation required to mitigate * the SQM/PSE stalls in the octeontx2-af driver. */ #include <linux/io.h> #include <linux/types.h> #define NIX_AF_SQM_DBG_CTL_STATUS 0x0 void apply_octeontx2_workaround(void __iomem *base) { u64 val; // Read current register value val = readq(base + NIX_AF_SQM_DBG_CTL_STATUS); // Workaround for hardware errata: // 1. Disable SQM sticky operation (Clear TM6 bit 15 and TM11 bit 14) val &= ~(BIT(15) | BIT(14)); // 2. Disable sticky -> non-sticky transition path to prevent PSE deadlock (Clear TM5 bit 23) val &= ~BIT(23); // 3. Prevent credit drops by keeping control-flow clock enabled (Set TM9 bit 21) val |= BIT(21); // Apply the configuration writeq(val, base + NIX_AF_SQM_DBG_CTL_STATUS); } // Note: This is the kernel patch logic. To verify the vulnerability, // one would need to reverse these bits on affected hardware and // generate high network traffic to trigger the stall.

{"cve": {"id": "CVE-2026-43296", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-08T14:16:36.727", "lastModified": "2026-05-11T08:16:08.657", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Workaround SQM/PSE stalls by disabling sticky\n\nNIX SQ manager sticky mode is known to cause stalls when multiple SQs\nshare an SMQ and transmit concurrently. Additionally, PSE may deadlock\non transitions between sticky and non-sticky transmissions. There is\nalso a credit drop issue observed when certain condition clocks are\ngated.\n\nwork around these hardware errata by:\n- Disabling SQM sticky operation:\n - Clear TM6 (bit 15)\n - Clear TM11 (bit 14)\n- Disabling sticky → non-sticky transition path that can deadlock PSE:\n - Clear TM5 (bit 23)\n- Preventing credit drops by keeping the control-flow clock enabled:\n - Set TM9 (bit 21)\n\nThese changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this\nconfiguration the SQM/PSE maintain forward progress under load without\ncredit loss, at the cost of disabling sticky optimizations."}], "metrics": {"cvssMetricV31": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "references": [{"url": "https://git.kernel.org/stable/c/36cc5a5e0178d5fb79e04173b8aa623b0108819a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70e9a5760abfb6338d63994d4de6b0778ec795d6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8052d0587fb14b85539c3a14a226586c0c3d6b4c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9a3fd301329474f449e75f86d8a4f6b9c603fd6c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b7eba260a34e854e2487b8363c11976f082df00d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cec2ceb35ce7bc874c43812bb39200d6cf691b87", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d9b549b6951ba178ec14339a031cae65f4e43fe1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}