Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-43208: Linux Kernel: Incorrect RPS Table Access Can Cause Crashes
CVE-2026-43208
Summary
The Linux kernel has a bug that can cause crashes or incorrect behavior when accessing the Receive Packet Steering (RPS) table. This bug has been fixed, and it's essential to update your Linux kernel to the latest version to prevent potential issues. If you're using a custom kernel, you should recompile it with the latest changes to ensure you have the fix.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| linux | linux_kernel |
>= 6.18, < 6.18.16 >= 6.19, < 6.19.6 7.0 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
Original title
In the Linux kernel, the following vulnerability has been resolved:
net: do not pass flow_id to set_rps_cpu()
Blamed commit made the assumption that the RPS table for each receive
queue would hav...
Original description
In the Linux kernel, the following vulnerability has been resolved:
net: do not pass flow_id to set_rps_cpu()
Blamed commit made the assumption that the RPS table for each receive
queue would have the same size, and that it would not change.
Compute flow_id in set_rps_cpu(), do not assume we can use the value
computed by get_rps_cpu(). Otherwise we risk out-of-bound access
and/or crashes.
net: do not pass flow_id to set_rps_cpu()
Blamed commit made the assumption that the RPS table for each receive
queue would have the same size, and that it would not change.
Compute flow_id in set_rps_cpu(), do not assume we can use the value
computed by get_rps_cpu(). Otherwise we risk out-of-bound access
and/or crashes.
nvd CVSS3.1
9.8
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 6 May 2026 · Updated: 28 May 2026 · First seen: 8 May 2026