CVE-2026-43348
Received Received - Intake
Memory Corruption in Linux Kernel via vmemmap_shift

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and last_pfn, intending to use the largest compound page order both endpoints are aligned to. However, this value is not clamped to MAX_FOLIO_ORDER, so a sufficiently aligned range (e.g. physical range [0x800000000000, 0x800080000000), corresponding to start_pfn=0x800000000 with 35 trailing zeros) can produce a shift larger than what memremap_pages() accepts, triggering a WARN and returning -EINVAL: WARNING: ... memremap_pages+0x512/0x650 requested folio size unsupported The MAX_FOLIO_ORDER check was added by commit 646b67d57589 ("mm/memremap: reject unreasonable folio/compound page sizes in memremap_pages()"). Fix this by clamping vmemmap_shift to MAX_FOLIO_ORDER so we always request the largest order the kernel supports, in those cases, rather than an out-of-range value. Also fix the error path to propagate the actual error code from devm_memremap_pages() instead of hard-coding -EFAULT, which was masking the real -EINVAL return.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43348
EUVD
EUVD-2026-28632
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mshv_vtl component when registering VTL0 memory. The kernel calculates a value called vmemmap_shift based on the alignment of memory page frame numbers (start_pfn and last_pfn). However, this value is not limited to a maximum allowed size (MAX_FOLIO_ORDER). If the memory range is highly aligned, the calculated shift can exceed what the kernel's memremap_pages() function supports, causing a warning and an error (-EINVAL).

The issue was fixed by clamping the vmemmap_shift value to MAX_FOLIO_ORDER, ensuring the kernel only requests supported page sizes. Additionally, the error handling was improved to propagate the correct error code instead of masking it.

Impact Analysis

This vulnerability can cause the Linux kernel to trigger warnings and fail to register certain memory ranges properly due to unsupported page size requests. This results in errors during memory registration, which could lead to failures in memory management operations involving VTL0 memory in the mshv_vtl component.

Such failures might impact system stability or functionality when using this specific memory registration feature, potentially causing disruptions or degraded performance in environments relying on this kernel functionality.

Detection Guidance

This vulnerability can be detected by monitoring the system logs for specific warning messages related to memremap_pages failures.

Look for kernel warnings similar to the following in your system logs (e.g., dmesg or /var/log/kern.log):

  • WARNING: ... memremap_pages+0x512/0x650 requested folio size unsupported

You can use the following command to search for such warnings in the kernel ring buffer:

  • dmesg | grep memremap_pages

Or to search in persistent logs:

  • grep memremap_pages /var/log/kern.log
Mitigation Strategies

The vulnerability is fixed by clamping the vmemmap_shift value to MAX_FOLIO_ORDER in the Linux kernel code, preventing out-of-range requests.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Monitor system logs for warnings related to memremap_pages to detect any attempts to trigger this issue.
  • Avoid registering VTL0 memory ranges that are excessively aligned and could trigger the issue until the kernel is updated.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43348. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart