From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E41E03DDDDB for ; Fri, 8 May 2026 13:14:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246049; cv=none; b=OipR8C5vfqzqfX7G4Na7hr8XSG8wHQeyG42c9zFs2IQajPPWJeDrfR8C2tTNZ3/EMKj8nHQc4dnLxWBwmb4kuck8sX1rrRY8TpkxMG35pm6Ti0tKWlajVzaCx9K+J+iHiO4s9PLHofH1Xnyma7Ry/O+Pcf0Dmo/HIkfZImOBFx8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246049; c=relaxed/simple; bh=JxnZ5vwJxmOudAbdmGHQSwfzj891s+g5ChNL8u2e2oo=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=GSZQnGsqQWWlKd28Wbxpg8qjvep9WVXMODhXjFw2kumWd43JKLPiQlr5u76yBPaxyKSPwRXfC8bx5bQi6UzBMqCIbsVujwNg3sMakjZhnZsUmdzbVZfe6AZNeeftjHJIXhkMDPvbnft9hhrOxoGsOzVoJIJSgeDpuP/0fzXEMh0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=al2eTbAg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="al2eTbAg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 36EA2C2BCB8; Fri, 8 May 2026 13:14:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778246048; bh=JxnZ5vwJxmOudAbdmGHQSwfzj891s+g5ChNL8u2e2oo=; h=From:To:Cc:Subject:Date:Reply-To:From; b=al2eTbAgFLmffvIHBfJvMWbjRERw+86qNbct0D7OdsRW36lrp8ZAWP2SZoz0j6VDE OHADlhv0rMJ5LTPUbQbioYi9pQHq+K8sEZWQu8AbdNFmV/JsOYvGvIlcEM5bC4o0fo AfYdGnqarKO8W2/tWVOYpoNXNItPNC0NXkxKhLL0= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky Date: Fri, 8 May 2026 15:12:01 +0200 Message-ID: <2026050854-CVE-2026-43296-5e1f@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3319; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=abIuBB+2K7emuuyvu6NlgFfAjkfN58cbfUvvphkEVfw=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/H0pXrnZc/zJz9yk/10/WD/LmGa/clcD7sFTvxsy2y TqLJDndO2JZGASZGGTFFFm+bOM5ur/ikKKXoe1pmDmsTCBDGLg4BWAiHOUMc/i3qllfjNifsX7V BplpB6uWFlvc2cswi6mw5GdA7dVjfvbtBh2pfdNOXVmcDgA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clear TM11 (bit 14) - Disabling sticky → non-sticky transition path that can deadlock PSE: - Clear TM5 (bit 23) - Preventing credit drops by keeping the control-flow clock enabled: - Set TM9 (bit 21) These changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this configuration the SQM/PSE maintain forward progress under load without credit loss, at the cost of disabling sticky optimizations. The Linux kernel CVE team has assigned CVE-2026-43296 to this issue. Affected and fixed versions =========================== Fixed in 5.10.252 with commit 9a3fd301329474f449e75f86d8a4f6b9c603fd6c Fixed in 5.15.202 with commit d0b3c8a80336029d9356f429151eb27922d80a3c Fixed in 6.1.165 with commit 36cc5a5e0178d5fb79e04173b8aa623b0108819a Fixed in 6.6.128 with commit d9b549b6951ba178ec14339a031cae65f4e43fe1 Fixed in 6.12.75 with commit cec2ceb35ce7bc874c43812bb39200d6cf691b87 Fixed in 6.18.16 with commit 8052d0587fb14b85539c3a14a226586c0c3d6b4c Fixed in 6.19.6 with commit b7eba260a34e854e2487b8363c11976f082df00d Fixed in 7.0 with commit 70e9a5760abfb6338d63994d4de6b0778ec795d6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-43296 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9a3fd301329474f449e75f86d8a4f6b9c603fd6c https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c https://git.kernel.org/stable/c/36cc5a5e0178d5fb79e04173b8aa623b0108819a https://git.kernel.org/stable/c/d9b549b6951ba178ec14339a031cae65f4e43fe1 https://git.kernel.org/stable/c/cec2ceb35ce7bc874c43812bb39200d6cf691b87 https://git.kernel.org/stable/c/8052d0587fb14b85539c3a14a226586c0c3d6b4c https://git.kernel.org/stable/c/b7eba260a34e854e2487b8363c11976f082df00d https://git.kernel.org/stable/c/70e9a5760abfb6338d63994d4de6b0778ec795d6