DMA Desynchronization Vulnerability in Linux Kernel by Mellanox
CVE-2026-43466

8.2HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43466?

A vulnerability has been identified in the Linux kernel's handling of DMA FIFO, specifically concerning the Mellanox network driver. This flaw occurs during transmission error recovery, leading to a desynchronization between DMA FIFO producer and consumer states. Upon triggering a recovery, while the producer continues to write to prior memory locations, the consumer starts reading from the initial position, risking the unmapping of stale DMA addresses. This lack of synchronization can result in data integrity issues and instability in network operations, highlighting the need for vigilant updates and remediation to protect systems utilizing the Linux kernel.

Affected Version(s)

Linux db75373c91b0cfb6a68ad6ae88721e4e21ae6261 < 821f85d619f7f22cda7b9d7de89cf5eeb1d11544

Linux db75373c91b0cfb6a68ad6ae88721e4e21ae6261 < 6eb68ecc5acc3b319986566c595990b8a7265b23

Linux db75373c91b0cfb6a68ad6ae88721e4e21ae6261 < 6f41f7812bfa7f991b732a4b45c5c52fc4be3b4e

References

https://git.kernel.org/stable/c/821f85d619f7f22cda7b9d7de...

https://git.kernel.org/stable/c/6eb68ecc5acc3b319986566c5...

https://git.kernel.org/stable/c/6f41f7812bfa7f991b732a4b4...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43466 Data

JSON