HOMEVULNERABILITIESCVE-2026-43371
NONE

CVE-2026-43371

Published: May 8, 2026· Updated: May 12, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:7.0th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net: macb: Shuffle the tx ring before enabling tx

Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board,

the rootfs may take an extended time to recover after a suspend.

Upon investigation, it was determined that the issue originates from a

problem in the macb driver.

According to the Zynq UltraScale TRM [1], when transmit is disabled,

the transmit buffer queue pointer resets to point to the address

specified by the transmit buffer queue base address register.

In the current implementation, the code merely resets `queue->tx_head`

and `queue->tx_tail` to '0'. This approach presents several issues:

- Packets already queued in the tx ring are silently lost,

leading to memory leaks since the associated skbs cannot be released.

- Concurrent write access to `queue->tx_head` and `queue->tx_tail` may

occur from `macb_tx_poll()` or `macb_start_xmit()` when these values

are reset to '0'.

- The transmission may become stuck on a packet that has already been sent

out, with its 'TX_USED' bit set, but has not yet been processed. However,

due to the manipulation of 'queue->tx_head' and 'queue->tx_tail',

`macb_tx_poll()` incorrectly assumes there are no packets to handle

because `queue->tx_head == queue->tx_tail`. This issue is only resolved

when a new packet is placed at this position. This is the root cause of

the prolonged recovery time observed for the NFS root filesystem.

To resolve this issue, shuffle the tx ring and tx skb array so that

the first unsent packet is positioned at the start of the tx ring.

Additionally, ensure that updates to `queue->tx_head` and

`queue->tx_tail` are properly protected with the appropriate lock.

[1] https://docs.amd.com/v/u/en-US/ug1085-zynq-ultrascale-trm

NVD Source

Technical Analysis

CVE-2026-43371 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-43371
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43371 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.