CVE-2026-43445

Source
https://cve.org/CVERecord?id=CVE-2026-43445
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43445.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43445
Downstream
Published
2026-05-08T14:22:12.660Z
Modified
2026-07-07T08:39:46.796113507Z
Summary
e1000/e1000e: Fix leak in DMA error cleanup
Details

In the Linux kernel, the following vulnerability has been resolved:

e1000/e1000e: Fix leak in DMA error cleanup

If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb.

Because count is incremented after a successful mapping, it will always match the correct number of unmappings needed when dmaerror is reached. Decrementing count before the while loop in dmaerror causes an off-by-one error. If any mapping was successful before an unsuccessful mapping, exactly one DMA mapping would leak.

In these commits, a faulty while condition caused an infinite loop in dmaerror: Commit 03b1320dfcee ("e1000e: remove use of skbdmamap from e1000e driver") Commit 602c0554d7b0 ("e1000: remove use of skbdma_map from e1000 driver")

Commit c1fa347f20f1 ("e1000/e1000e/igb/igbvf/ixgb/ixgbe: Fix tests of unsigned in *txmap()") fixed the infinite loop, but introduced the off-by-one error.

This issue may still exist in the igbvf driver, but I did not address it in this patch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43445.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c1fa347f20f17f14a4a1575727fa24340e8a9117
Fixed
7eaeb778bfaa3b2a804f89321c234d59c74569db
Fixed
0606c24a745bafd1be5d66c48361638cd9cad74b
Fixed
519051c711dfd239ef6e4b28878efee400a035f9
Fixed
0a1fc25deabab4efce64610e3c449485c4fa8f5f
Fixed
fa5ba9867a55e640df0dc79bf0199770fb043f03
Fixed
30e87ade8d678c25a8546cf38c0b498fa5cb27d3
Fixed
10b5e65959e955a1c8894e0a5413944b5a70204a
Fixed
e94eaef11142b01f77bf8ba4d0b59720b7858109

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43445.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.33
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43445.json"