SB20260509103 - Integer underflow in Linux kernel mm
Published: May 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer underflow (CVE-ID: CVE-2026-43286)
CWE-ID: CWE-191 - Integer underflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an integer underflow in hugetlb subpool reservation accounting when handling failed hugeTLB page allocations from the global pool. A local user can trigger failed allocation attempts to cause a denial of service.
Repeated failed allocation attempts can permanently exhaust the subpool's used counter, making the subpool unusable even though no hugeTLB pages are actually consumed.
Remediation
Install update from vendor's website.