SB20260507289 - Out-of-bounds write in Linux kernel events intel



SB20260507289 - Out-of-bounds write in Linux kernel events intel

Published: May 7, 2026

Security Bulletin ID SB20260507289
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-43079)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in uncore_pci_pmu_register() when parsing the discovery table for offline dies. A local user can trigger the vulnerable code path to cause a denial of service.

The issue can be triggered when NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0.


Remediation

Install update from vendor's website.