XDP Fragmentation Vulnerability in Linux Kernel Affects Mellanox Drivers
CVE-2026-43464
What is CVE-2026-43464?
The Mellanox drivers in the Linux kernel mishandle XDP buffer fragments. The vulnerability stems from incorrect assumptions about the XDP buffer layout when the driver runs XDP programs that modify that layout. The driver fails to properly count dropped fragments, which can cause page reference counting anomalies. These can result in negative reference counts, as noted in specific selftests, ultimately leading to system warnings and stability risks. The fix reverts certain changes to restore proper fragment counting while remaining compatible with original XDP operations.
Affected Version(s)
Linux afd5ba577c10639f62e8120df67dc70ea4b61176
Linux afd5ba577c10639f62e8120df67dc70ea4b61176 < 03cb50e5b74fce8bf6d92b860371b66253cf0f8d
Linux afd5ba577c10639f62e8120df67dc70ea4b61176