From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2026-43457: mctp: i2c: fix skb memory leak in receive path
Date: Fri, 8 May 2026 16:23:06 +0200
Message-ID: <2026050800-CVE-2026-43457-85fe@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mctp: i2c: fix skb memory leak in receive path

When 'midev->allow_rx' is false, the newly allocated skb isn't consumed
by netif_rx(), it needs to free the skb directly.

The Linux kernel CVE team has assigned CVE-2026-43457 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 6.1.167 with commit 0fb2adbdd5c03e8c9ebcdc48afd414b2724c85eb
	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 6.6.130 with commit d7900a43b0a314a645ca0a2adf45928dbc7001f4
	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 6.12.78 with commit 9f81be2ab9d8e4744871bfb3e868ef413413829f
	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 6.18.19 with commit 1ec54187e1aa40a4cfa2b265e9a311179f24b98d
	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 6.19.9 with commit 1b1be322342a6b0085bf6ee52235e5ac9834ec25
	Issue introduced in 5.18 with commit f5b8abf9fc3dacd7529d363e26fe8230935d65f8 and fixed in 7.0 with commit e3f5e0f22cfc2371e7471c9fd5b4da78f9df7c69

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-43457
will be updated if fixes are backported; please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/net/mctp/mctp-i2c.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.
If, however, updating to the latest release is impossible, the
individual changes to resolve this issue can be found at these commits:
	https://git.kernel.org/stable/c/0fb2adbdd5c03e8c9ebcdc48afd414b2724c85eb
	https://git.kernel.org/stable/c/d7900a43b0a314a645ca0a2adf45928dbc7001f4
	https://git.kernel.org/stable/c/9f81be2ab9d8e4744871bfb3e868ef413413829f
	https://git.kernel.org/stable/c/1ec54187e1aa40a4cfa2b265e9a311179f24b98d
	https://git.kernel.org/stable/c/1b1be322342a6b0085bf6ee52235e5ac9834ec25
	https://git.kernel.org/stable/c/e3f5e0f22cfc2371e7471c9fd5b4da78f9df7c69
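
The following is an added example, not part of the original announcement or of any kernel tooling: a triage helper that applies the "Affected and fixed versions" table above to a `uname -r` style release string. The names `parse_release` and `classify` and the sample release strings are assumptions made for illustration; the version numbers are copied from this advisory.

```python
import re

# Values copied from the "Affected and fixed versions" section of this advisory.
INTRODUCED = (5, 18)          # first upstream release containing the leak
FIXED_MAINLINE = (7, 0)       # mainline release that carries the fix
FIXED_IN_BRANCH = {           # stable branch -> first fixed patch level
    (6, 1): 167,
    (6, 6): 130,
    (6, 12): 78,
    (6, 18): 19,
    (6, 19): 9,
}


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return 'not-affected', 'fixed' or 'affected' by upstream numbering."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not-affected"   # predates the commit that introduced the leak
    if branch >= FIXED_MAINLINE:
        return "fixed"          # 7.0 and later include the fix
    fixed_patch = FIXED_IN_BRANCH.get(branch)
    if fixed_patch is None:
        return "affected"       # branch has no fixed release listed here
    return "fixed" if patch >= fixed_patch else "affected"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for rel in ("5.15.160", "6.1.166", "6.1.167-generic",
                "6.8.0-45-generic", "6.12.78", "7.0"):
        print(f"{rel:20s} {classify(rel)}")
```

The result reflects upstream version numbering only: a vendor kernel may carry the backported fix under an older version string, so an "affected" verdict on a distribution kernel should be confirmed against the vendor's changelog or the CVE record linked above.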