Improper input validation in Linux kernel - CVE-2026-43150

 


Published: May 7, 2026


Vulnerability identifier: #VU130592
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43150
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to improper input validation in the perf/arm-cmn driver when handling unsupported hardware configurations. A local user can use unsupported or unexpected CMN hardware configurations to cause memory corruption.

The issue arises from assumptions about maximum supported sizes and counts in the hardware topology.


How to mitigate CVE-2026-43150

Install the security update from the vendor's repository.
