CVE-2026-43260

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bnxt_en: Fix RSS context delete logic<br /> <br /> We need to free the corresponding RSS context VNIC<br /> in FW everytime an RSS context is deleted in driver.<br /> Commit 667ac333dbb7 added a check to delete the VNIC<br /> in FW only when netif_running() is true to help delete<br /> RSS contexts with interface down.<br /> <br /> Having that condition will make the driver leak VNICs<br /> in FW whenever close() happens with active RSS contexts.<br /> On the subsequent open(), as part of RSS context restoration,<br /> we will end up trying to create extra VNICs for which we<br /> did not make any reservation. FW can fail this request,<br /> thereby making us lose active RSS contexts.<br /> <br /> Suppose an RSS context is deleted already and we try to<br /> process a delete request again, then the HWRM functions<br /> will check for validity of the request and they simply<br /> return if the resource is already freed. So, even for<br /> delete-when-down cases, netif_running() check is not<br /> necessary.<br /> <br /> Remove the netif_running() condition check when deleting<br /> an RSS context.