CVE-2026-43014
Description
In the Linux kernel, the following vulnerability has been resolved:
net: macb: properly unregister fixed rate clocks
The additional resources allocated with clk_register_fixed_rate() need to be released with clk_unregister_fixed_rate(), otherwise they are lost.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's macb driver occurs when fixed-rate clocks are not properly unregistered, leading to resource exhaustion.
Vulnerability Description
CVE-2026-43014 is a memory leak vulnerability in the Linux kernel's macb (Cadence MACB/GEM) Ethernet driver. The issue arises because the driver allocates resources using clk_register_fixed_rate() but fails to release them with clk_unregister_fixed_rate() during cleanup or removal. This oversight causes the allocated clock resources to be lost, resulting in a memory leak [1].
Exploitation and Impact
The vulnerability is triggered during normal driver lifecycle operations, such as module removal or device unbinding, when the driver's cleanup path does not properly unregister the fixed-rate clocks. An attacker with local access and the ability to trigger these operations (e.g., by unloading the network driver module) could repeatedly cause memory leaks. Over time, this could exhaust system memory, leading to denial of service (DoS) conditions. The CVSS v3 score of 5.5 (Medium) reflects the need for local access and the potential for availability impact [2].
Mitigation
The fix adds calls to clk_unregister_fixed_rate() in the appropriate cleanup paths of the macb driver. Patches have been applied to the Linux kernel stable branches, as referenced in the commit history [3][4]. Users are advised to update their kernel to a version containing the fix or apply the relevant patch to prevent resource exhaustion.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
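An added example, not code from the kernel or the macb driver: a userspace C model of the register/unregister pairing described above, showing how a teardown path that skips the unregister call eventually makes later probes fail. The mock_* names, the 8-slot pool standing in for finite memory, and the clock rate are assumptions made for the illustration.

```c
/* Userspace model, constructed; mock_* stand in for the kernel clk calls. */
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 8                      /* stands in for finite memory */
struct mock_clk { unsigned long rate; int in_use; };
struct mock_dev { struct mock_clk *clk; };
static struct mock_clk pool[POOL_SLOTS];

static struct mock_clk *mock_register_fixed_rate(unsigned long rate)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct mock_clk){ rate, 1 };
            return &pool[i];
        }
    return NULL;                          /* pool exhausted */
}
static void mock_unregister_fixed_rate(struct mock_clk *c) { if (c) c->in_use = 0; }

static int mock_probe(struct mock_dev *d)
{
    d->clk = mock_register_fixed_rate(125000000UL);   /* constructed rate */
    return d->clk ? 0 : -1;
}

/* release_clk == 0 models the pre-fix teardown: the pointer is just dropped */
static void mock_remove(struct mock_dev *d, int release_clk)
{
    if (release_clk) mock_unregister_fixed_rate(d->clk);
    d->clk = NULL;
}

/* Bind/unbind `cycles` times: returns successful probes, sets *leaked */
static int bind_cycles(int cycles, int release_clk, int *leaked)
{
    struct mock_dev d = {0};
    int ok = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < cycles; i++)
        if (mock_probe(&d) == 0) { ok++; mock_remove(&d, release_clk); }
    *leaked = 0;
    for (int i = 0; i < POOL_SLOTS; i++) *leaked += pool[i].in_use;
    return ok;
}

int main(void)
{
    int leaked, ok = bind_cycles(12, 0, &leaked);
    printf("pre-fix: %d/12 probes ok, %d leaked\n", ok, leaked);
    ok = bind_cycles(12, 1, &leaked);
    printf("fixed:   %d/12 probes ok, %d leaked\n", ok, leaked);
}
```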
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=4.10,<5.10.253)
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/015aa24d3721a05b40935b8af78b49cadf616b8d (nvd, Patch)
- git.kernel.org/stable/c/5392a5174df4f5a2fad2f00e8c617394d0efe031 (nvd, Patch)
- git.kernel.org/stable/c/54c6f0e7682433abed0304ac2f5cb71a92d4b366 (nvd, Patch)
- git.kernel.org/stable/c/6ec567425c057fd850651ee09b31d059ef960e0f (nvd, Patch)
- git.kernel.org/stable/c/e1f6f47d6e60d51c3294e5b85787e9aee24c450e (nvd, Patch)
- git.kernel.org/stable/c/e35dbfdb1b7710f04ff5c9972ea04971d823a22d (nvd, Patch)
- git.kernel.org/stable/c/ec1be2ce0d94506f11b22066fd6dc5eb4341b14f (nvd, Patch)
- git.kernel.org/stable/c/f0f367a4f459cc8118aadc43c6bba53c60d93f8d (nvd, Patch)