SB2026050612 - Improper access control in Linux kernel objtool
Published: May 6, 2026
Security Bulletin ID
SB2026050612
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2026-43073)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper access control in the __copy_user_nocache() function when performing kernel memory copies with a user-copy interface. A local user can trigger the vulnerable code path to cause a denial of service.
The issue arises from misuse of a function intended for specialized memory copying with exception handling for user space accesses.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/14b9194db4a28421a4dbe5d6e519efbaa7c5f3cd
- https://git.kernel.org/stable/c/c6d4e0599e7e73abc04e2488dfeb7940c4039660
- https://git.kernel.org/stable/c/d187a86de793f84766ea40b9ade7ac60aabbb4fe
- https://git.kernel.org/stable/c/d993e1723aa2a085aa0d72e70ea889031fc225b4
- https://git.kernel.org/stable/c/efea91ad1729ff1853d7418e4d3bc27d085e72d0