CVE-2026-43197
Analyzed Analyzed - Analysis Complete
Out-of-Bounds Read in Linux Kernel Netconsole

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 ("netconsole: convert to NBCON console infrastructure") the message would be placed in printk_shared_pbufs, a static global buffer, so KASAN had harder time catching OOB accesses. Now we see: printk: console [netcon_ext0] enabled BUG: KASAN: slab-out-of-bounds in string+0x1f7/0x240 Read of size 1 at addr ffff88813b6d4c00 by task pr/netcon_ext0/594 CPU: 65 UID: 0 PID: 594 Comm: pr/netcon_ext0 Not tainted 6.19.0-11754-g4246fd6547c9 Call Trace: kasan_report+0xe4/0x120 string+0x1f7/0x240 vsnprintf+0x655/0xba0 scnprintf+0xba/0x120 netconsole_write+0x3fe/0xa10 nbcon_emit_next_record+0x46e/0x860 nbcon_kthread_func+0x623/0x750 Allocated by task 1: nbcon_alloc+0x1ea/0x450 register_console+0x26b/0xe10 init_netconsole+0xbb0/0xda0 The buggy address belongs to the object at ffff88813b6d4000 which belongs to the cache kmalloc-4k of size 4096 The buggy address is located 0 bytes to the right of allocated 3072-byte region [ffff88813b6d4000, ffff88813b6d4c00)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43197
EUVD
EUVD-2026-27758
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.6 (inc) to 6.18.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's netconsole feature. The issue arises because the message (msg) passed to netconsole from the console subsystem is not guaranteed to be null-terminated. This can lead to out-of-bounds (OOB) reads when the kernel attempts to process the message as a string.

Previously, the message was placed in a static global buffer, which made it harder for the Kernel Address Sanitizer (KASAN) to detect OOB accesses. After a recent commit converting netconsole to the NBCON console infrastructure, KASAN can now detect these out-of-bounds reads more easily, revealing a bug where the kernel reads beyond the allocated buffer size.

Impact Analysis

This vulnerability can cause the Linux kernel to perform out-of-bounds memory reads when handling netconsole messages. Such behavior can lead to system instability, crashes, or kernel bugs detected by KASAN.

While the description does not explicitly mention exploitation scenarios, out-of-bounds reads in kernel space can potentially be leveraged to leak sensitive information or cause denial of service, impacting system reliability and security.

Detection Guidance

This vulnerability can be detected by monitoring kernel logs for KASAN (Kernel Address Sanitizer) slab-out-of-bounds errors related to netconsole. Specifically, look for messages indicating out-of-bounds reads in the netconsole subsystem, such as errors mentioning "BUG: KASAN: slab-out-of-bounds" and traces involving netconsole functions like netconsole_write or nbcon_kthread_func.

You can check the kernel log using commands like:

  • dmesg | grep -i kasan
  • journalctl -k | grep -i netconsole
  • journalctl -k | grep -i kasan

These commands help identify if the kernel has reported any out-of-bounds memory access errors related to netconsole, which would indicate the presence of this vulnerability.

Mitigation Strategies

To mitigate this vulnerability immediately, you should disable the netconsole kernel console if it is enabled, as the vulnerability involves out-of-bounds reads in the netconsole subsystem.

Additionally, update your Linux kernel to a version that includes the fix for this issue, specifically one that contains the commit 7eab73b18630 which converts netconsole to the NBCON console infrastructure and avoids out-of-bounds reads.

Disabling netconsole can typically be done by removing or commenting out any netconsole related kernel boot parameters or unloading the netconsole kernel module if it is loaded.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43197. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart