CVE-2026-43289
Received Received - Intake
Kernel kexec Purgatory Entry Derivation Vulnerability

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexec_load_purgatory() derives image->start by locating e_entry inside an SHF_EXECINSTR section. If the purgatory object contains multiple executable sections with overlapping sh_addr, the entrypoint check can match more than once and trigger a WARN. Derive the entry section from the purgatory_start symbol when present and compute image->start from its final placement. Keep the existing e_entry fallback for purgatories that do not expose the symbol. WARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784 Call Trace: <TASK> bzImage64_load+0x133/0xa00 __do_sys_kexec_file_load+0x2b3/0x5c0 do_syscall_64+0x81/0x610 entry_SYSCALL_64_after_hwframe+0x76/0x7e [[email protected]: move helper to avoid forward declaration, per Baoquan]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43289
EUVD
EUVD-2026-28559
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's kexec functionality, specifically in the kexec_load_purgatory() function. The function attempts to determine the start address of an image by locating the entry point (e_entry) inside an executable section (SHF_EXECINSTR). However, if the purgatory object contains multiple executable sections with overlapping addresses (sh_addr), the entrypoint check can match more than once, which triggers a kernel warning (WARN).

The fix involves deriving the entry section from a symbol called purgatory_start when it is present, and computing the image start address from its final placement. The previous fallback method using e_entry is still kept for purgatories that do not expose this symbol.

Impact Analysis

This vulnerability can cause the Linux kernel to trigger a warning (WARN) during the kexec process if multiple executable sections overlap in the purgatory object. Such warnings can lead to instability or unexpected behavior during system reboot or kernel loading via kexec.

While the description does not explicitly mention exploitation or direct security impact, kernel warnings in critical code paths can potentially lead to system crashes or denial of service conditions, affecting system reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43289. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart