CVE-2026-43150
Undergoing Analysis Undergoing Analysis - In Progress
perf/arm-cmn Rejects Unsupported Hardware Configurations

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at least with a warning), and unknown revisions of those which we do know, as although things do frequently change between releases, typically enough remains the same to be somewhat useful for at least some basic bringup checks. However, we also make assumptions of the maximum supported sizes and numbers of things in various places, and there's no guarantee that something new might not be bigger and lead to nasty array overflows. Make sure we only try to run on things that actually match our assumptions and so will not risk memory corruption. We have at least always failed on completely unknown node types, so update that error message for clarity and consistency too.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43150
EUVD
EUVD-2026-27709
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability relates to the Linux kernel's perf subsystem for ARM CMN (Coherent Mesh Network) hardware configurations. Previously, the kernel was lenient in accepting unknown CMN models or revisions, assuming they would be similar enough to known configurations. However, this assumption could lead to issues because new hardware might have larger sizes or different numbers of components, potentially causing array overflows and memory corruption.

The fix ensures that the kernel rejects unsupported or unknown hardware configurations rather than trying to operate on them, preventing the risk of memory corruption by only running on hardware that matches expected assumptions.

Impact Analysis

If the Linux kernel accepts unsupported or unknown ARM CMN hardware configurations without proper checks, it could lead to memory corruption due to array overflows. This can cause system instability, crashes, or potentially allow an attacker to exploit the memory corruption to execute arbitrary code or cause denial of service.

By rejecting unsupported hardware configurations, the vulnerability fix reduces the risk of such memory corruption and its associated impacts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart