CVE-2026-43296

EUVD-2026-28566
In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Workaround SQM/PSE stalls by disabling sticky

NIX SQ manager sticky mode is known to cause stalls when multiple SQs
share an SMQ and transmit concurrently. Additionally, PSE may deadlock
on transitions between sticky and non-sticky transmissions. There is
also a credit drop issue observed when certain condition clocks are
gated.

work around these hardware errata by:
- Disabling SQM sticky operation:
  - Clear TM6 (bit 15)
  - Clear TM11 (bit 14)
- Disabling sticky → non-sticky transition path that can deadlock PSE:
  - Clear TM5 (bit 23)
- Preventing credit drops by keeping the control-flow clock enabled:
  - Set TM9 (bit 21)

These changes are applied via NIX_AF_SQM_DBG_CTL_STATUS. With this
configuration the SQM/PSE maintain forward progress under load without
credit loss, at the cost of disabling sticky optimizations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.252
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.202
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.165
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.128
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.75
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.16
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.1.150700.17.35.4
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.1.150700.17.35.4
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.1.150700.17.35.4
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.2
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.2
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.2
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.60.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.60.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/36cc5a5e0178d5fb79e04173b8aa623b0108819a
https://git.kernel.org/stable/c/70e9a5760abfb6338d63994d4de6b0778ec795d6
https://git.kernel.org/stable/c/8052d0587fb14b85539c3a14a226586c0c3d6b4c
https://git.kernel.org/stable/c/9a3fd301329474f449e75f86d8a4f6b9c603fd6c
https://git.kernel.org/stable/c/b7eba260a34e854e2487b8363c11976f082df00d
https://git.kernel.org/stable/c/cec2ceb35ce7bc874c43812bb39200d6cf691b87
https://git.kernel.org/stable/c/d0b3c8a80336029d9356f429151eb27922d80a3c
https://git.kernel.org/stable/c/d9b549b6951ba178ec14339a031cae65f4e43fe1