Improper access control in Linux kernel - CVE-2026-43073
Published: May 6, 2026
Vulnerability identifier: #VU130223
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43073
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper access control in the __copy_user_nocache() function when performing kernel memory copies with a user-copy interface. A local user can trigger the vulnerable code path to cause a denial of service.
The issue arises from misuse of a function intended for specialized memory copying with exception handling for user space accesses.
How to mitigate CVE-2026-43073
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/14b9194db4a28421a4dbe5d6e519efbaa7c5f3cd
- https://git.kernel.org/stable/c/c6d4e0599e7e73abc04e2488dfeb7940c4039660
- https://git.kernel.org/stable/c/d187a86de793f84766ea40b9ade7ac60aabbb4fe
- https://git.kernel.org/stable/c/d993e1723aa2a085aa0d72e70ea889031fc225b4
- https://git.kernel.org/stable/c/efea91ad1729ff1853d7418e4d3bc27d085e72d0