CVE-2026-43296 (GCVE-0-2026-43296)

Vulnerability from cvelistv5 – Published: 2026-05-08 13:11 – Updated: 2026-05-11 22:21
VLAI
Title
octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
Summary
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clear TM11 (bit 14) - Disabling sticky → non-sticky transition path that can deadlock PSE: - Clear TM5 (bit 23) - Preventing credit drops by keeping the control-flow clock enabled: - Set TM9 (bit 21) These changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this configuration the SQM/PSE maintain forward progress under load without credit loss, at the cost of disabling sticky optimizations.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < 9a3fd301329474f449e75f86d8a4f6b9c603fd6c (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < d0b3c8a80336029d9356f429151eb27922d80a3c (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < 36cc5a5e0178d5fb79e04173b8aa623b0108819a (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < d9b549b6951ba178ec14339a031cae65f4e43fe1 (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < cec2ceb35ce7bc874c43812bb39200d6cf691b87 (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < 8052d0587fb14b85539c3a14a226586c0c3d6b4c (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < b7eba260a34e854e2487b8363c11976f082df00d (git)
Affected: 5d9b976d4480dc0dcfa3719b645636d2f0f9f156 , < 70e9a5760abfb6338d63994d4de6b0778ec795d6 (git)
Create a notification for this product.
Linux Linux Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.252 , ≤ 5.10.* (semver)
Unaffected: 5.15.202 , ≤ 5.15.* (semver)
Unaffected: 6.1.165 , ≤ 6.1.* (semver)
Unaffected: 6.6.128 , ≤ 6.6.* (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9a3fd301329474f449e75f86d8a4f6b9c603fd6c",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "d0b3c8a80336029d9356f429151eb27922d80a3c",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "36cc5a5e0178d5fb79e04173b8aa623b0108819a",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "d9b549b6951ba178ec14339a031cae65f4e43fe1",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "cec2ceb35ce7bc874c43812bb39200d6cf691b87",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "8052d0587fb14b85539c3a14a226586c0c3d6b4c",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "b7eba260a34e854e2487b8363c11976f082df00d",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            },
            {
              "lessThan": "70e9a5760abfb6338d63994d4de6b0778ec795d6",
              "status": "affected",
              "version": "5d9b976d4480dc0dcfa3719b645636d2f0f9f156",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Workaround SQM/PSE stalls by disabling sticky\n\nNIX SQ manager sticky mode is known to cause stalls when multiple SQs\nshare an SMQ and transmit concurrently. Additionally, PSE may deadlock\non transitions between sticky and non-sticky transmissions. There is\nalso a credit drop issue observed when certain condition clocks are\ngated.\n\nwork around these hardware errata by:\n- Disabling SQM sticky operation:\n  - Clear TM6 (bit 15)\n  - Clear TM11 (bit 14)\n- Disabling sticky \u2192 non-sticky transition path that can deadlock PSE:\n  - Clear TM5 (bit 23)\n- Preventing credit drops by keeping the control-flow clock enabled:\n  - Set TM9 (bit 21)\n\nThese changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this\nconfiguration the SQM/PSE maintain forward progress under load without\ncredit loss, at the cost of disabling sticky optimizations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:48.777Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9a3fd301329474f449e75f86d8a4f6b9c603fd6c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/36cc5a5e0178d5fb79e04173b8aa623b0108819a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9b549b6951ba178ec14339a031cae65f4e43fe1"
        },
        {
          "url": "https://git.kernel.org/stable/c/cec2ceb35ce7bc874c43812bb39200d6cf691b87"
        },
        {
          "url": "https://git.kernel.org/stable/c/8052d0587fb14b85539c3a14a226586c0c3d6b4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7eba260a34e854e2487b8363c11976f082df00d"
        },
        {
          "url": "https://git.kernel.org/stable/c/70e9a5760abfb6338d63994d4de6b0778ec795d6"
        }
      ],
      "title": "octeontx2-af: Workaround SQM/PSE stalls by disabling sticky",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43296",
    "datePublished": "2026-05-08T13:11:18.870Z",
    "dateReserved": "2026-05-01T14:12:55.999Z",
    "dateUpdated": "2026-05-11T22:21:48.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43296",
      "date": "2026-05-28",
      "epss": "0.00061",
      "percentile": "0.1934"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43296\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-08T14:16:36.727\",\"lastModified\":\"2026-05-15T15:03:44.770\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nocteontx2-af: Workaround SQM/PSE stalls by disabling sticky\\n\\nNIX SQ manager sticky mode is known to cause stalls when multiple SQs\\nshare an SMQ and transmit concurrently. Additionally, PSE may deadlock\\non transitions between sticky and non-sticky transmissions. There is\\nalso a credit drop issue observed when certain condition clocks are\\ngated.\\n\\nwork around these hardware errata by:\\n- Disabling SQM sticky operation:\\n  - Clear TM6 (bit 15)\\n  - Clear TM11 (bit 14)\\n- Disabling sticky \u2192 non-sticky transition path that can deadlock PSE:\\n  - Clear TM5 (bit 23)\\n- Preventing credit drops by keeping the control-flow clock enabled:\\n  - Set TM9 (bit 21)\\n\\nThese changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this\\nconfiguration the SQM/PSE maintain forward progress under load without\\ncredit loss, at the cost of disabling sticky optimizations.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.252\",\"matchCriteriaId\":\"48EE401F-E8DF-4A1F-808F-321370662E5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.202\",\"matchCriteriaId\":\"4002FC2B-1456-4666-B240-0EBF590C4671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.165\",\"matchCriteriaId\":\"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.128\",\"matchCriteriaId\":\"851E9353-6C09-4CC9-877E-E09DB164A3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.75\",\"matchCriteriaId\":\"BCE16369-98ED-41CF-8995-DFDC10B288D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.16\",\"matchCriteriaId\":\"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.6\",\"matchCriteriaId\":\"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/36cc5a5e0178d5fb79e04173b8aa623b0108819a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/70e9a5760abfb6338d63994d4de6b0778ec795d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8052d0587fb14b85539c3a14a226586c0c3d6b4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9a3fd301329474f449e75f86d8a4f6b9c603fd6c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b7eba260a34e854e2487b8363c11976f082df00d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cec2ceb35ce7bc874c43812bb39200d6cf691b87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d9b549b6951ba178ec14339a031cae65f4e43fe1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.