SB20260509103 - Integer underflow in Linux kernel mm



SB20260509103 - Integer underflow in Linux kernel mm

Published: May 9, 2026

Security Bulletin ID SB20260509103
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Integer underflow (CVE-ID: CVE-2026-43286)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an integer underflow in hugetlb subpool reservation accounting when handling failed hugeTLB page allocations from the global pool. A local user can trigger failed allocation attempts to cause a denial of service.

Repeated failed allocation attempts can permanently exhaust the subpool's used counter, making the subpool unusable even though no hugeTLB pages are actually consumed.


Remediation

Install update from vendor's website.