CVE-2026-43150
Awaiting Analysis Awaiting Analysis - Queue
perf/arm-cmn Rejects Unsupported Hardware Configurations

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at least with a warning), and unknown revisions of those which we do know, as although things do frequently change between releases, typically enough remains the same to be somewhat useful for at least some basic bringup checks. However, we also make assumptions of the maximum supported sizes and numbers of things in various places, and there's no guarantee that something new might not be bigger and lead to nasty array overflows. Make sure we only try to run on things that actually match our assumptions and so will not risk memory corruption. We have at least always failed on completely unknown node types, so update that error message for clarity and consistency too.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43150
EUVD
EUVD-2026-27709
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability relates to the Linux kernel's perf subsystem for ARM CMN (Coherent Mesh Network) hardware configurations. Previously, the kernel was lenient in accepting unknown CMN models or revisions, assuming they would be similar enough to known configurations. However, this assumption could lead to issues because new hardware might have larger sizes or different numbers of components, potentially causing array overflows and memory corruption.

The fix ensures that the kernel rejects unsupported or unknown hardware configurations rather than trying to operate on them, preventing the risk of memory corruption by only running on hardware that matches expected assumptions.


How can this vulnerability impact me? :

If the Linux kernel accepts unsupported or unknown ARM CMN hardware configurations without proper checks, it could lead to memory corruption due to array overflows. This can cause system instability, crashes, or potentially allow an attacker to exploit the memory corruption to execute arbitrary code or cause denial of service.

By rejecting unsupported hardware configurations, the vulnerability fix reduces the risk of such memory corruption and its associated impacts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart