HOMEVULNERABILITIESCVE-2026-43234
MEDIUM

CVE-2026-43234

Published: May 6, 2026· Updated: May 12, 2026

5.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

team: avoid NETDEV_CHANGEMTU event when unregistering slave

syzbot is reporting

unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3

ref_tracker: netdev@ffff88807dcf8618 has 1/2 users at

__netdev_tracker_alloc include/linux/netdevice.h:4400 [inline]

netdev_hold include/linux/netdevice.h:4429 [inline]

inetdev_init+0x201/0x4e0 net/ipv4/devinet.c:286

inetdev_event+0x251/0x1610 net/ipv4/devinet.c:1600

notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85

call_netdevice_notifiers_mtu net/core/dev.c:2318 [inline]

netif_set_mtu_ext+0x5aa/0x800 net/core/dev.c:9886

netif_set_mtu+0xd7/0x1b0 net/core/dev.c:9907

dev_set_mtu+0x126/0x260 net/core/dev_api.c:248

team_port_del+0xb07/0xcb0 drivers/net/team/team_core.c:1333

team_del_slave drivers/net/team/team_core.c:1936 [inline]

team_device_event+0x207/0x5b0 drivers/net/team/team_core.c:2929

notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85

call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]

call_netdevice_notifiers net/core/dev.c:2295 [inline]

__dev_change_net_namespace+0xcb7/0x2050 net/core/dev.c:12592

do_setlink+0x2ce/0x4590 net/core/rtnetlink.c:3060

rtnl_changelink net/core/rtnetlink.c:3776 [inline]

__rtnl_newlink net/core/rtnetlink.c:3935 [inline]

rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072

rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958

netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550

netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]

netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344

netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894

problem. Ido Schimmel found steps to reproduce

ip link add name team1 type team

ip link add name dummy1 mtu 1499 master team1 type dummy

ip netns add ns1

ip link set dev dummy1 netns ns1

ip -n ns1 link del dev dummy1

and also found that the same issue was fixed in the bond driver in

commit f51048c3e07b ("bonding: avoid NETDEV_CHANGEMTU event when

unregistering slave").

Let's do similar thing for the team driver, with commit ad7c7b2172c3 ("net:

hold netdev instance lock during sysfs operations") and commit 303a8487a657

("net: s/__dev_set_mtu/__netif_set_mtu/") also applied.

NVD Source

Technical Analysis

CVE-2026-43234 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-43234
CVSS Score5.5 / 10
SeverityMEDIUM
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedMay 6, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43234 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.