SB20260507289 - Out-of-bounds write in Linux kernel events intel
Published: May 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-43079)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in uncore_pci_pmu_register() when parsing the discovery table for offline dies. A local user can trigger the vulnerable code path to cause a denial of service.
The issue can be triggered when NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6cfc187d85f18f976d0fe527d4c6f6171542cc19
- https://git.kernel.org/stable/c/7a2cb02437d92ed14fe494d8994056d5bd2c72b4
- https://git.kernel.org/stable/c/7b568e9eba2fad89a696f22f0413d44cf4a1f892
- https://git.kernel.org/stable/c/cfab2c817d2e7e0bee98d66850246ce842ed5f18
- https://git.kernel.org/stable/c/f34feda8e0c9535fee3f8870ce8bab53c2798f71