CVE-2026-43039— TI ICSSG PRUSS 以太网驱动 ZC RX 调度数据拷贝缺失及回收错误漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-43039 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via napi_alloc_skb() but never copies the packet data from the XDP buffer into it. The skb is passed up the stack containing uninitialized heap memory instead of the actual received packet, leaking kernel heap contents to userspace. Copy the received packet data from the XDP buffer into the skb using skb_copy_to_linear_data(). Additionally, remove the skb_mark_for_recycle() call since the skb is backed by the NAPI page frag allocator, not page_pool. Marking a non-page_pool skb for recycle causes the free path to return pages to a page_pool that does not own them, corrupting page_pool state. The non-ZC path (emac_rx_packet) does not have these issues because it uses napi_build_skb() to wrap the existing page_pool page directly, requiring no copy, and correctly marks for recycle since the page comes from page_pool_dev_alloc_pages().
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-43039 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-43039 的情报信息
Please 登录 to view more intelligence information
同批安全公告 · Linux · 2026-05-01 · 共 146 条
| CVE-2026-43011 | 9.8 CRITICAL | Linux X.25模块 潜在双重释放漏洞 |
| CVE-2026-43037 | 9.8 CRITICAL | ip6_tunnel 远程代码执行漏洞 |
| CVE-2026-31705 | 9.8 CRITICAL | ksmbd smb2_get_ea() EA对齐越界写入漏洞 |
| CVE-2026-43038 | 9.8 CRITICAL | IPv6 ICMP ip6_err_gen_icmpv6_unreach() 内存越界漏洞 |
| CVE-2026-31718 | 9.8 CRITICAL | Linux ksmbd 远程代码执行漏洞 |
| CVE-2026-43018 | 8.8 HIGH | 蓝牙hci_event:修复hci_le_remote_conn_param_req_evt中的UAF漏洞 |
| CVE-2026-31773 | 8.8 HIGH | 蓝牙 SMP 遗留响应者 STK 认证漏洞 |
| CVE-2026-31739 | 8.8 HIGH | Tegra 驱动缺少 CRYPTO_ALG_ASYNC 标志漏洞 |
| CVE-2026-31735 | 8.8 HIGH | iommupt: 修复映射中短收集漏洞 |
| CVE-2026-31717 | 8.8 HIGH | ksmbd 持久句柄重连所有者验证漏洞 |
| CVE-2026-31706 | 8.8 HIGH | ksmbd: smb_inherit_dacl() 访问控制验证与强化漏洞 |
| CVE-2026-43048 | 8.8 HIGH | HID核心模块移除虚假memset导致越界访问漏洞 |
| CVE-2026-31709 | 8.8 HIGH | SMB客户端cifsacl DACL重写前验证漏洞 |
| CVE-2026-31712 | 8.3 HIGH | ksmbd smb_check_perm_dacl权限检查漏洞 |
| CVE-2026-31771 | 8.1 HIGH | 蓝牙 hci_event 唤醒原因存储漏洞 |
| CVE-2026-31779 | 8.1 HIGH | iwlwifi iwl_mvm_nd_match_info_handler 越界读取漏洞 |
| CVE-2026-31708 | 8.1 HIGH | smb2_ioctl_query_info 越界读取漏洞 |
| CVE-2026-43051 | 8.1 HIGH | Wacom HID驱动程序越界读取漏洞 |
| CVE-2026-31780 | 7.8 HIGH | wilc1000 SSID扫描缓冲区大小计算u8溢出漏洞 |
| CVE-2026-31782 | 7.8 HIGH | Intel PMU intel_pmu_hw_config 潜在容器索引错误漏洞 |
显示前 20 条,共 146 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-43039
暂无评论