CVE-2026-43371

MEDIUMNVD 5.55.5
EchelonGraph scoreMEDIUM confidence

Score 5.5 from GitHub Security Advisory published 2026-05-08. NVD baseline CVSS 5.5; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
5.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

net: macb: Shuffle the tx ring before enabling tx

Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that the issue originates from a problem in the macb driver.

According to the Zynq UltraScale TRM [1], when transmit is disabled, the transmit buffer queue pointer resets to point to the address specified by the transmit buffer queue base address register.

In the current implementation, the code merely resets queue->tx_head and queue->tx_tail to '0'. This approach presents several issues:

  • Packets already queued in the tx ring are silently lost,
leading to memory leaks since the associated skbs cannot be released.
  • Concurrent write access to queue->tx_head and queue->tx_tail may
occur from macb_tx_poll() or macb_start_xmit() when these values are reset to '0'.
  • The transmission may become stuck on a packet that has already been sent
out, with its 'TX_USED' bit set, but has not yet been processed. However, due to the manipulation of 'queue->tx_head' and 'queue->tx_tail', macb_tx_poll() incorrectly assumes there are no packets to handle because queue->tx_head == queue->tx_tail. This issue is only resolved when a new packet is placed at this position. This is the root cause of the prolonged recovery time observed for the NFS root filesystem.

To resolve this issue, shuffle the tx ring and tx skb array so that the first unsent packet is positioned at the start of the tx ring. Additionally, ensure that updates to queue->tx_head and queue->tx_tail are properly protected with the appropriate lock.

[1] https://docs.amd.com/v/u/en-US/ug1085-zynq-ultrascale-trm

CVSS v3
5.5
EG Score
5.5(medium)
EPSS
2.4%
KEV
Not listed

Published

May 8, 2026

Last Modified

May 15, 2026

Advisory Details (6)

Auto-updated Jun 15, 2026
No patch confirmed yet.
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c6783bfa31a59f34fe4feb1bdbf67791ef3fb0b7
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/88f974fe118cb4653f029929ecbca7cfe06132ae
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/881a0263d502e1a93ebc13a78254e9ad19520232
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/58f5d34f88e8f00910b692537f7b2efdb8c3705d
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/403182e0771b250cfde0fe7e1081d095ceaf8230
generic

net: macb: Shuffle the tx ring before enabling tx - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/0a47c3889fcd843c72aa57fa8c4d06f5801fced4

Vendor Advisories for CVE-2026-43371(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Frequently asked(5)

What is CVE-2026-43371?
CVE-2026-43371 is a medium vulnerability published on May 8, 2026. In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that…
When was CVE-2026-43371 disclosed?
CVE-2026-43371 was first published in the National Vulnerability Database on May 8, 2026, with the most recent update on May 15, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-43371 actively exploited?
CVE-2026-43371 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 2.4% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-43371?
CVE-2026-43371 has a CVSS v3 base score of 5.5 (NVD).
How do I remediate CVE-2026-43371?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-43371, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-43371

Explore →

Is Your Infrastructure Affected by CVE-2026-43371?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.