Bug 2466995 (CVE-2026-43081)

Summary: CVE-2026-43081 kernel: net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's Integrated Packet Accelerator (IPA) driver. Incorrectly configured register field masks for IPA version 5.0 and newer could lead to system instability. This issue may manifest as a warning when attempting to send commands to the MPSS remoteproc, potentially resulting in a denial of service where the system fails to operate as intended.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-06 10:02:20 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+

Fix the field masks to match the hardware layout documented in
downstream GSI (GSI_V3_0_EE_n_GSI_EE_GENERIC_CMD_*).

Notably this fixes a WARN I was seeing when I tried to send "stop"
to the MPSS remoteproc while IPA was up.
Comment 1 Alexander B 2026-05-06 14:45:37 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050614-CVE-2026-43081-c0d9@gregkh/T