CVE-2026-43210
Linux Kernel Ring Buffer Length Validation Flaw
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's tracing ring-buffer functionality. Specifically, the issue is that the event length was not properly checked before being used in the function rb_read_data_buffer(). Because this function validates potentially broken ring buffers, an incorrect event length could cause the code to access an invalid memory address when calculating the next event's position.
The fix involves verifying that the length of each event is within a valid range before using it, which prevents invalid memory access during system boot.
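A simplified userspace model of the check described above, added here as an illustration and not taken from the kernel source or its patch. The event layout (a 32-bit total-length header, 4-byte alignment) and the names `validate_page` and `put_len` are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EVT_HDR   4u  /* assumed header: 32-bit total event length */
#define EVT_ALIGN 4u  /* assumed alignment of events within a page */

/*
 * Walk the events stored in page[0..commit). Returns the number of events,
 * or -1 if any length field would move the cursor outside the committed data.
 */
int validate_page(const uint8_t *page, size_t commit)
{
    size_t off = 0;
    int events = 0;

    while (off < commit) {
        size_t remaining = commit - off;
        uint32_t len;

        if (remaining < EVT_HDR)
            return -1;                      /* header itself is truncated */
        memcpy(&len, page + off, sizeof(len));
        /* Range-check the length BEFORE using it to locate the next event.
         * len == 0 would loop forever; len > remaining would read past the page. */
        if (len < EVT_HDR || len > remaining || len % EVT_ALIGN)
            return -1;
        off += len;
        events++;
    }
    return events;
}

/* Helper for building constructed sample pages. */
static void put_len(uint8_t *page, size_t off, uint32_t len)
{
    memcpy(page + off, &len, sizeof(len));
}

int main(void)
{
    uint8_t page[32] = {0};                 /* constructed sample data */

    put_len(page, 0, 8); put_len(page, 8, 12); put_len(page, 20, 12);
    printf("intact page:    %d\n", validate_page(page, sizeof(page)));
    put_len(page, 8, 4096);                 /* corrupted length field */
    printf("corrupted page: %d\n", validate_page(page, sizeof(page)));
    return 0;
}
```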
How can this vulnerability impact me?
If exploited, this vulnerability could lead to invalid memory access in the Linux kernel during boot time. This could potentially cause system instability, crashes, or unexpected behavior due to accessing incorrect memory locations.