CVE-2026-43208
CriticalSummary
A vulnerability has been identified in the Linux kernel that has been resolved. The issue concerns passing flow_id to the set_rps_cpu() function, which may lead to out-of-bounds access and system crashes.
Risk Assessment
Organizations may be exposed to system crashes and potential security breaches due to improper memory access.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and minimize the risk of crashes.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flow_id in set_rps_cpu(), do not assume we can use the value computed by get_rps_cpu(). Otherwise we risk out-of-bound access and/or crashes.

