CVE-2026-43124
Kernel Memory Corruption in Pstore RAM Core
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's pstore ram_core component. Specifically, the function persistent_ram_vmap() uses vmap() to create a memory mapping. However, if vmap() fails and returns NULL, the code may still return a non-NULL pointer due to an incorrect calculation involving an offset. This causes persistent_ram_buffer_map() to incorrectly report success even though the mapping failed.
As a result, subsequent access to the buffer may dereference an invalid memory address, which can lead to system crashes.
The fix involves adding proper NULL checking for vmap() failures to prevent this incorrect success return.
How can this vulnerability impact me? :
This vulnerability can cause the system to crash due to dereferencing invalid memory addresses when the memory mapping fails but is incorrectly reported as successful.
Such crashes can lead to system instability, potential data loss, and denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the pstore: ram_core issue has been fixed. This fix involves proper NULL checking for vmap() failures in persistent_ram_vmap(), preventing crashes caused by dereferencing invalid addresses.
If updating the kernel immediately is not possible, avoid using features or modules that rely on persistent_ram_vmap() or pstore ram_core functionality, as they may trigger the vulnerability.