Out-of-bounds write in Linux kernel - CVE-2026-43079

 


Published: May 7, 2026


Vulnerability identifier: #VU130686
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43079
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in uncore_pci_pmu_register() when parsing the discovery table for offline dies. A local user can trigger the vulnerable code path to cause a denial of service.

The issue can be triggered when NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0.


How to mitigate CVE-2026-43079

Install the security update from the vendor's repository.
