CVE-2026-43210
Analyzed Analyzed - Analysis Complete

Linux Kernel Ring Buffer Length Validation Flaw

Vulnerability report for CVE-2026-43210, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: ring-buffer: Fix to check event length before using Check the event length before adding it for accessing next index in rb_read_data_buffer(). Since this function is used for validating possibly broken ring buffers, the length of the event could be broken. In that case, the new event (e + len) can point a wrong address. To avoid invalid memory access at boot, check whether the length of each event is in the possible range before using it.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.12 (inc) to 6.12.75 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's tracing ring-buffer functionality. Specifically, the issue is that the event length was not properly checked before being used in the function rb_read_data_buffer(). Because this function validates potentially broken ring buffers, an incorrect event length could cause the code to access an invalid memory address when calculating the next event's position.

The fix involves verifying that the length of each event is within a valid range before using it, which prevents invalid memory access during system boot.

Impact Analysis

If exploited, this vulnerability could lead to invalid memory access in the Linux kernel during boot time. This could potentially cause system instability, crashes, or unexpected behavior due to accessing incorrect memory locations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart