CVE-2026-43465

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the net/mlx5e component regarding XDP multi-buf fragment counting for striding RQ. XDP multi-buf programs can modify the XDP buffer layout when calling bpf xdp pull data() or bpf xdp adjust tail(). A previous fix introduced a flaw where dropped fragments were not counted on the driver side, leading to page fragment reference counting errors. Specifically, when the mlx5 driver allocates a page pool page and an XDP program moves the header into the linear part of the buffer, the driver may skip counting a dropped tail fragment. This results in a negative reference counting error when the driver releases all fragments of the page. This issue affects XDP TX, XDP REDIRECT, and XDP PASS actions. The flaw was identified during test xdp native tx mb selftests, manifesting as a warning in the mlx5e page release fragmented() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.