SB20260507199 - Improper input validation in Linux kernel perf driver
Published: May 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-43150)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists due to improper input validation in the perf/arm-cmn driver when handling unsupported hardware configurations. A local user can use unsupported or unexpected CMN hardware configurations to cause memory corruption.
The issue arises from assumptions about maximum supported sizes and counts in the hardware topology.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/00d69f21ef2ab00e6156c764d89e2b3539eb2f33
- https://git.kernel.org/stable/c/08c7eadd8a934a1968e1aeeee8b61b853b99fb3a
- https://git.kernel.org/stable/c/36c0de02575ce59dfd879eb4ef63d53a68bbf9ce
- https://git.kernel.org/stable/c/7e2c200010aa93fa78201da959b4ac6b9f8fed0b
- https://git.kernel.org/stable/c/a251d866f50b6a4c95901fa722025065679c2eca
- https://git.kernel.org/stable/c/d3e837e11ee9ed08df229272319199003ba00379