Bug 2468040 (CVE-2026-43345)

Summary: CVE-2026-43345 kernel: net: ipa: fix event ring index not programmed for IPA v5.0+
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's ipa driver. This vulnerability, affecting IPA version 5.0 and later, stems from an incorrect event ring index programming, preventing GSI channels from signaling transfer completions. As a result, the system can experience hangs during operations such as runtime suspend, system suspend, and remoteproc stop. This leads to a Denial of Service (DoS), rendering the IPA data path completely non-functional.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-08 14:01:28 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: ipa: fix event ring index not programmed for IPA v5.0+

For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to
CH_C_CNTXT_1. The v5.0 register definition intended to define this
field in the CH_C_CNTXT_1 fmask array but used the old identifier of
ERINDEX instead of CH_ERINDEX.

Without a valid event ring, GSI channels could never signal transfer
completions. This caused gsi_channel_trans_quiesce() to block
forever in wait_for_completion().

At least for IPA v5.2 this resolves an issue seen where runtime
suspend, system suspend, and remoteproc stop all hanged forever. It
also meant the IPA data path was completely non functional.
Comment 1 Keith Grant 2026-05-08 19:32:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050837-CVE-2026-43345-3cfe@gregkh/T