HIGH
ncsi Packet Leak
CVE-2026-43373
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
KernelScan AI: 3.3 LOW
01 Description
In the Linux kernel, the following vulnerability has been resolved:

net: ncsi: fix skb leak in error paths

Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak.

Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed.
02 KernelScan AI Analysis
Risk summary
Systems using NCSI (Network Controller Sideband Interface) for network management may experience gradual memory exhaustion due to leaked socket buffers. This affects servers and embedded systems with BMC/management controllers that use NCSI for out-of-band network management.
Vulnerability analysis
The vulnerability is a memory leak in the NCSI packet handling code. In ncsi_rcv_rsp() and ncsi_aen_handler(), early return paths fail to call kfree_skb() when validation fails or devices cannot be resolved, so the socket buffers are never released and accumulate in memory. The fix adds error handling with goto statements that ensure the skb is cleaned up before the error code is returned. NCSI is used for management network communication between BMCs and network controllers, making this reachable through management interfaces.
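The leak and the goto-based cleanup described above, as a simplified userspace model added here (not the kernel patch or any project code). struct buf, the 64-slot pool and every function name are assumptions standing in for the skb and the NCSI handlers.

```c
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 64                    /* constructed: small stand-in for kernel memory */
struct buf { int in_use, valid; };      /* hypothetical stand-in for struct sk_buff */
static struct buf pool[POOL_SIZE];

static struct buf *buf_alloc(int valid) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct buf){ 1, valid };
            return &pool[i];
        }
    return NULL;                        /* pool exhausted */
}

static void buf_free(struct buf *b) { b->in_use = 0; }

/* Before: the handler owns b, but the early return never releases it. */
static int rx_leaky(struct buf *b) {
    if (!b->valid)
        return -1;                      /* leak: b stays allocated */
    buf_free(b);
    return 0;
}

/* After: every exit passes through one label that releases b. */
static int rx_fixed(struct buf *b) {
    int ret = -1;
    if (!b->valid)
        goto out;
    ret = 0;                            /* a valid packet would be handled here */
out:
    buf_free(b);
    return ret;
}

/* Send up to n invalid packets; return how many could still be allocated. */
static int delivered(int (*rx)(struct buf *), int n) {
    int got = 0;
    memset(pool, 0, sizeof(pool));      /* start from an empty pool */
    for (struct buf *b; got < n && (b = buf_alloc(0)); got++)
        rx(b);
    return got;
}

int main(void) {
    printf("leaky: %d/1000, fixed: %d/1000\n", delivered(rx_leaky, 1000), delivered(rx_fixed, 1000));
    return 0;
}
```

With the leaky handler, reception stops once every slot is held by a dropped invalid packet; with the fixed handler the same traffic reuses one slot indefinitely.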
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 5.10 | 5.10.253 | 9891d7f4f1ed |
| 5.15 | 5.15.203 | fef5aa6e3bcf |
| 6.1 | 6.1.167 | 81d6aee32f8f |
| 6.6 | 6.6.130 | 599625881978 |
| 6.12 | 6.12.78 | 553366c27147 |
| 6.18 | 6.18.19 | b70c4e5e7119 |
| 6.19 | 6.19.9 | 87138dde2d69 |
| mainline | 7.0 | 5c3398a54266 |