SB20260507199 - Improper input validation in Linux kernel perf driver



SB20260507199 - Improper input validation in Linux kernel perf driver

Published: May 7, 2026

Security Bulletin ID SB20260507199
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper input validation (CVE-ID: CVE-2026-43150)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to improper input validation in the perf/arm-cmn driver when handling unsupported hardware configurations. A local user can use unsupported or unexpected CMN hardware configurations to cause memory corruption.

The issue arises from assumptions about maximum supported sizes and counts in the hardware topology.


Remediation

Install update from vendor's website.