Bug 2468197 (CVE-2026-43373)

Summary: CVE-2026-43373 kernel: net: ncsi: fix skb leak in error paths
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel, specifically within the Network Controller Sideband Interface (NCSI) subsystem. This vulnerability occurs in the NCSI RX and Asynchronous Event Notification (AEN) handlers, where early return paths fail to release received socket buffers (skb) when processing invalid packets or failing to resolve NCSI devices or handlers. This oversight can lead to a memory leak, potentially resulting in a Denial of Service (DoS) condition for the affected system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-08 15:04:14 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: ncsi: fix skb leak in error paths

Early return paths in NCSI RX and AEN handlers fail to release
the received skb, resulting in a memory leak.

Specifically, ncsi_aen_handler() returns on invalid AEN packets
without consuming the skb. Similarly, ncsi_rcv_rsp() exits early
when failing to resolve the NCSI device, response handler, or
request, leaving the skb unfreed.
Comment 1 Keith Grant 2026-05-08 20:59:55 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050830-CVE-2026-43373-2e8a@gregkh/T