Linux Kernel Vulnerability in Mellanox mlx5 Driver
CVE-2026-43465

9.8 CRITICAL

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-43465?

A vulnerability in the Mellanox mlx5 driver of the Linux kernel occurs when XDP multi-buf programs manipulate the buffer layout during execution: fragments that the program drops are not properly counted. This causes negative reference counts and can affect system stability. The issue was revealed during self-testing involving packet transfers that lacked payload, which resulted in warnings and potential system crashes. A patch has since been applied to correct the fragment counting mechanism.

Affected Version(s)

Linux 87bcef158ac1faca1bd7e0104588e8e2956d10be < 7d7342a18fadcdb70a63b3c930dc63528ce51832

Linux 87bcef158ac1faca1bd7e0104588e8e2956d10be < 043bd62f748bc9fd98154037aa598cffbd3c667c

Linux 87bcef158ac1faca1bd7e0104588e8e2956d10be

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
