CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved:

net: do not pass flow_id to set_rps_cpu()

Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change.

Compute flow_id in set_rps_cpu(), do not assume we can use the value computed by get_rps_cpu(). Otherwise we risk out-of-bound access and/or crashes.