CVE-2026-43108
Analyzed Analyzed - Analysis Complete
Heap-based Buffer Overflow in Qualcomm PD Mapper Driver

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for reason not matching servreg_loc_pfr_req's reason field due which we could observe decoding error on PD crash. qmi_decode_string_elem: String len 81 >= Max Len 65 Fix this by matching with servreg_loc_pfr_req's reason field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43108
EUVD
EUVD-2026-27626
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.24 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.14 (exc)
linux linux_kernel From 6.11 (inc) to 6.12.83 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's Qualcomm power domain mapper (pd-mapper) component. Specifically, the element length declared in the servreg_loc_pfr_req_ei structure for the 'reason' field does not match the length of the corresponding 'reason' field in servreg_loc_pfr_req. This mismatch causes a decoding error during power domain (PD) crash handling, where the string length exceeds the maximum allowed length, leading to potential errors in processing.

Impact Analysis

The impact of this vulnerability is related to decoding errors during power domain crash events in affected Qualcomm hardware running the Linux kernel. Such decoding errors could potentially lead to improper handling of power domain crashes, which might affect system stability or reliability in scenarios involving power management.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart