In the Linux kernel, the following vulnerability has been resolved:
net: do not pass flowid to setrps_cpu()
Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change.
Compute flowid in setrpscpu(), do not assume we can use the value computed by getrps_cpu(). Otherwise we risk out-of-bound access and/or crashes.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43208.json"
}