Improper control of a resource through its lifetime in Linux kernel - CVE-2026-43363
Published: May 9, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper hardware state management in lapic_resume() when resuming from suspend-to-RAM (s2ram). A local user can trigger a suspend and resume cycle to cause a denial of service.
The failure occurs when firmware re-enables x2apic mode while the kernel continues to use the xapic interface, which can lead to system hangs on bare metal systems.
How to mitigate CVE-2026-43363
Sources
- https://git.kernel.org/stable/c/11712c4eb384098db4cb08792e223c818b908c1a
- https://git.kernel.org/stable/c/1a85f84214f9d790216547ac6086bf8033cd9e5a
- https://git.kernel.org/stable/c/1d8440c1e7c49715f937416ac90cf260f1f1712c
- https://git.kernel.org/stable/c/3dd0812a7c764cd8f3b0182441ac22da0a7f3b09
- https://git.kernel.org/stable/c/8cc7dd77a1466f0ec58c03478b2e735a5b289b96
- https://git.kernel.org/stable/c/965289b120cc68cca886c75219c68b8c15751d73
- https://git.kernel.org/stable/c/a6ad6f2e31b524cbb66b2f370bad0cf17d327e6c
- https://git.kernel.org/stable/c/f591938072115bf08730b8530c67fab189cc6308