CVE-2026-43348
Received - Intake
Memory Corruption in Linux Kernel via vmemmap_shift

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER

When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and last_pfn, intending to use the largest compound page order both endpoints are aligned to.

However, this value is not clamped to MAX_FOLIO_ORDER, so a sufficiently aligned range (e.g. physical range [0x800000000000, 0x800080000000), corresponding to start_pfn=0x800000000 with 35 trailing zeros) can produce a shift larger than what memremap_pages() accepts, triggering a WARN and returning -EINVAL:

  WARNING: ... memremap_pages+0x512/0x650 requested folio size unsupported

The MAX_FOLIO_ORDER check was added by commit 646b67d57589 ("mm/memremap: reject unreasonable folio/compound page sizes in memremap_pages()").

Fix this by clamping vmemmap_shift to MAX_FOLIO_ORDER so we always request the largest order the kernel supports, in those cases, rather than an out-of-range value.

Also fix the error path to propagate the actual error code from devm_memremap_pages() instead of hard-coding -EFAULT, which was masking the real -EINVAL return.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's mshv_vtl component when registering VTL0 memory. The kernel calculates a value called vmemmap_shift based on the alignment of memory page frame numbers (start_pfn and last_pfn). However, this value is not limited to a maximum allowed size (MAX_FOLIO_ORDER). If the memory range is highly aligned, the calculated shift can exceed what the kernel's memremap_pages() function supports, causing a warning and an error (-EINVAL).

The issue was fixed by clamping the vmemmap_shift value to MAX_FOLIO_ORDER, ensuring the kernel only requests supported page sizes. Additionally, the error handling was improved to propagate the correct error code instead of masking it.
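
The shift computation and the clamp described above, as an added example that is not kernel source or part of the original advisory. It is a userspace C model: the helper names, the limit `EXAMPLE_MAX_FOLIO_ORDER` (18) and both `last_pfn` values are assumptions made for illustration; only `start_pfn=0x800000000` comes from the description.

```c
/* Added example: userspace model of the computation, not kernel source. */
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in limit; the real MAX_FOLIO_ORDER depends on kernel config. */
#define EXAMPLE_MAX_FOLIO_ORDER 18u

/* Pre-fix value as described: trailing zeros of (start_pfn | last_pfn). */
static unsigned int shift_unclamped(uint64_t start_pfn, uint64_t last_pfn)
{
    uint64_t bits = start_pfn | last_pfn;

    /* __builtin_ctzll(0) is undefined, so report 64 when no bit is set. */
    return bits ? (unsigned int)__builtin_ctzll(bits) : 64u;
}

/* Post-fix value as described: never larger than the supported maximum. */
static unsigned int shift_clamped(uint64_t start_pfn, uint64_t last_pfn)
{
    unsigned int shift = shift_unclamped(start_pfn, last_pfn);

    return shift > EXAMPLE_MAX_FOLIO_ORDER ? EXAMPLE_MAX_FOLIO_ORDER : shift;
}

/* Models the size check the description attributes to memremap_pages(). */
static int order_accepted(unsigned int shift)
{
    return shift <= EXAMPLE_MAX_FOLIO_ORDER;
}

int main(void)
{
    /* start_pfn is from the description; both last_pfn values are constructed. */
    const uint64_t cases[][2] = {
        { 0x800000000ULL, 0x1000000000ULL }, /* both ends 2^35-aligned */
        { 0x800000000ULL, 0x800000200ULL },  /* last_pfn limits the order to 9 */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        unsigned int before = shift_unclamped(cases[i][0], cases[i][1]);
        unsigned int after = shift_clamped(cases[i][0], cases[i][1]);

        printf("start=%#llx last=%#llx: unclamped %u (%s), clamped %u (%s)\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               before, order_accepted(before) ? "accepted" : "rejected",
               after, order_accepted(after) ? "accepted" : "rejected");
    }
    return 0;
}
```

Ranges whose alignment is already within the limit are unaffected by the clamp; only the over-aligned case changes from a rejected request to the largest supported order.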


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to trigger warnings and fail to register certain memory ranges properly due to unsupported page size requests. This results in errors during memory registration, which could lead to failures in memory management operations involving VTL0 memory in the mshv_vtl component.

Such failures might impact system stability or functionality when using this specific memory registration feature, potentially causing disruptions or degraded performance in environments relying on this kernel functionality.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to memremap_pages failures.

Look for kernel warnings similar to the following in your system logs (e.g., dmesg or /var/log/kern.log):

  • WARNING: ... memremap_pages+0x512/0x650 requested folio size unsupported

You can use the following command to search for such warnings in the kernel ring buffer:

  • dmesg | grep memremap_pages

Or to search in persistent logs:

  • grep memremap_pages /var/log/kern.log

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by clamping the vmemmap_shift value to MAX_FOLIO_ORDER in the Linux kernel code, preventing out-of-range requests.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Monitor system logs for warnings related to memremap_pages to detect any attempts to trigger this issue.
  • Until the kernel is updated, avoid registering VTL0 memory ranges whose alignment is high enough that the computed shift would exceed MAX_FOLIO_ORDER.
