PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43467 Linux CVE debrief

CVE-2026-43467 is a Linux kernel availability issue in the mlx5 driver path. According to the CVE description, moving a device into switchdev mode could crash if the hardware does not support IPsec, because the code attempted to clean up IPsec resources anyway. The issue was published on 2026-05-08 and later updated on 2026-05-21, with official kernel patch references listed in NVD.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators using Mellanox/NVIDIA mlx5-based networking hardware should pay attention, especially where switchdev mode changes are performed through devlink or similar management workflows. Environments that do not use IPsec on the affected hardware still need the fix if they rely on switchdev transitions.

Technical summary

The bug is in the mlx5 switchdev transition path. When the device lacks IPsec support, the driver still reaches IPsec cleanup logic during the move to switchdev mode, which can dereference invalid state and trigger a kernel crash. The provided kernel trace shows the fault occurring in mlx5e_ipsec_disable_events during eswitch mode changes. NVD lists the following affected Linux kernel ranges: 6.12.56 up to but not including 6.12.78, 6.17.6 up to but not including 6.18, 6.18.1 up to but not including 6.18.19, and 6.19 up to but not including 6.19.9, plus several release candidates noted in the record.

Defensive priority

Medium

Recommended defensive actions

  • Apply the official Linux kernel fixes referenced by NVD for CVE-2026-43467.
  • Prioritize patching systems that use mlx5 hardware and may change eswitch or switchdev mode.
  • Verify whether your fleet includes kernels in the affected version ranges listed by NVD.
  • Test switchdev or devlink mode transitions after patching to confirm no regression in mlx5 networking workflows.
  • Monitor for unexpected kernel crashes during network profile changes on mlx5-based systems.
  • Track vendor kernel updates if you consume a downstream or backported kernel tree.
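One way to run the version-range check from the list above over a fleet inventory. This is an added example, not code from the CVE record or the kernel project. It compares upstream version numbers only, so downstream or backported kernels still need the vendor's advisory, and the function names, verdict strings and sample inventory are assumptions made for illustration.

```python
import re

# Affected upstream ranges as stated on this page (from the NVD record):
# (first affected, first fixed); the upper bound is exclusive.
AFFECTED_RANGES = [
    ((6, 12, 56), (6, 12, 78)),
    ((6, 17, 6), (6, 18, 0)),
    ((6, 18, 1), (6, 18, 19)),
    ((6, 19, 0), (6, 19, 9)),
]

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def classify(release):
    """Classify a `uname -r` style string against the ranges above."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return "unparsed"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    suffix = m.group(4)
    # The page says some release candidates are affected but does not list
    # them, so -rc builds are flagged for a manual look at the NVD record.
    if re.search(r"-rc\d+", suffix):
        return "check-record"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "affected"
    # Upstream numbering only: a vendor kernel may carry backported changes.
    return "not-affected"


def triage(inventory):
    """Map {host: release} to {host: verdict} for a fleet inventory."""
    return {host: classify(release) for host, release in inventory.items()}


# Constructed sample inventory (hostnames and releases are made up).
SAMPLE_INVENTORY = {
    "net-a": "6.12.60-generic",
    "net-b": "6.12.78",
    "net-c": "6.18.0",
    "net-d": "6.19.0-rc3",
    "net-e": "6.17.9-200.fc43.x86_64",
    "net-f": "5.15.0-130-generic",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{verdict}")
```

Hosts reported as affected matter most where mlx5 hardware is present and eswitch or switchdev mode changes are part of normal operations.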

Evidence notes

All substantive claims here come from the supplied CVE description, the NVD record, and the official kernel patch links. The CVE text states the crash occurs when moving to switchdev mode on devices without IPsec support. The NVD record marks the issue as analyzed, provides a CVSS v3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and lists affected Linux kernel version ranges. No exploit details are included beyond the documented crash scenario.

Official resources

Publicly disclosed in the official CVE/NVD records on 2026-05-08, with the record updated on 2026-05-21. Patch references are available from official Linux kernel sources.