What is CVE-2026-43234?

CVE-2026-43234 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 3.3 onward and patched in 6.18.16, 6.19.6 and 7.0. CVE-2026-43234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-43234?

CVE-2026-43234 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-43234?

Yes, CVE-2026-43234 has been patched. Fixed versions include 6.18.16, 6.19.6 and 7.0. If you are running Linux kernel 3.3 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-43234 actively exploited?

CVE-2026-43234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-43234

Medium

In the Linux kernel, the following vulnerability has been resolved: team: avoid NETDEV_CHANGEMTU event when unregistering slave syzbot is reporting unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3 ref_tracker: netdev@ffff88807dcf8618 has 1/2 users at __netdev_tracker_alloc include/linux/netdevice.h:4400 [inline] netdev_hold include/linux/netdevice.h:4429 [inline] inetdev_init+0x201/0x4e0 net/ipv4/devinet.c:286 inetdev_event+0x251/0x1610 net/ipv4/devinet.c:1600 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85 call_netdevice_notifiers_mtu net/core/dev.c:2318 [inline] netif_set_mtu_ext+0x5aa/0x800 net/core/dev.c:9886 netif_set_mtu+0xd7/0x1b0 net/core/dev.c:9907 dev_set_mtu+0x126/0x260 net/core/dev_api.c:248 team_port_del+0xb07/0xcb0 drivers/net/team/team_core.c:1333 team_del_slave drivers/net/team/team_core.c:1936 [inline] team_device_event+0x207/0x5b0 drivers/net/team/team_core.c:2929 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85 call_netdevice_notifiers_extack net/core/dev.c:2281 [inline] call_netdevice_notifiers net/core/dev.c:2295 [inline] __dev_change_net_namespace+0xcb7/0x2050 net/core/dev.c:12592 do_setlink+0x2ce/0x4590 net/core/rtnetlink.c:3060 rtnl_changelink net/core/rtnetlink.c:3776 [inline] __rtnl_newlink net/core/rtnetlink.c:3935 [inline] rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894 problem. Ido Schimmel found steps to reproduce ip link add name team1 type team ip link add name dummy1 mtu 1499 master team1 type dummy ip netns add ns1 ip link set dev dummy1 netns ns1 ip -n ns1 link del dev dummy1 and also found that the same issue was fixed in the bond driver in commit f51048c3e07b ("bonding: avoid NETDEV_CHANGEMTU event when unregistering slave"). Let's do similar thing for the team driver, with commit ad7c7b2172c3 ("net: hold netdev instance lock during sysfs operations") and commit 303a8487a657 ("net: s/__dev_set_mtu/__netif_set_mtu/") also applied.

Package Linux Kernel

Published 2026-05-06

Last modified 2026-05-12

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 3.3 and later are affected. Fixed in 6.18.16, 6.19.6, 7.0 and their respective stable series.

Affected from

≥ 3.3

Fixed in

✓ 6.18.16 6.18.x ✓ 6.19.6 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-43234 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5268892de70f0b29bde341db863b234aa9259c08
Patch
Kernel patch commit
https://git.kernel.org/stable/c/bb4c698633c0e19717586a6524a33196cff01a32
Patch
Kernel patch commit
https://git.kernel.org/stable/c/bce42728ac4887060a24a585c5122fbd24939db7
Patch

Details

CVE ID CVE-2026-43234

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2026-05-06

Modified 2026-05-12

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-43234?

CVE-2026-43234 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 3.3 onward and has been patched in 6.18.16, 6.19.6 and 7.0. CVE-2026-43234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-43234?

CVE-2026-43234 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2026-43234?

Yes — CVE-2026-43234 has been patched. Fixed versions include 6.18.16, 6.19.6 and 7.0. If you are running Linux kernel 3.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-43234 actively exploited?

No — CVE-2026-43234 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.