CVE-2026-43351
Status: Received - Intake
KVM vGIC Dist/Redist Initialization Flaw in Linux Kernel

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Eagerly init vgic dist/redist on vgic creation

If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. kvm_vgic_dist_destroy() then comes along and walks into the weeds trying to free the RDs. Got to love this stuff.

Solve it by moving all the static initialisation early, and make sure that if we fail halfway, we're in a reasonable shape to perform the rest of the teardown. While at it, reset the vgic model on failure, just in case...
Meta Information
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor Product Version / Range
linux linux_kernel *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation for the arm64 architecture. Specifically, it involves the initialization process of the virtual Generic Interrupt Controller (vgic) distributor and redistributor regions during vgic creation.

If the function vgic_allocate_private_irqs_locked() fails for any reason, the vgic creation function (kvm_vgic_create()) exits early without properly initializing the distributor's redistributor regions (dist->rd_regions). Later, when the vgic distributor destroy function (kvm_vgic_dist_destroy()) attempts to free these redistributor regions, it encounters problems because they were never properly initialized.

The fix involves moving all static initialization steps earlier in the process and ensuring that if a failure occurs halfway through, the system remains in a consistent state that allows proper teardown. Additionally, the vgic model is reset on failure to maintain stability.
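The initialisation-order bug and its fix, as an added toy C model that is not the kernel's vgic code and not part of this page: the circular list mimics the kernel's list_head, the struct and function names are constructed, the `fail` flag stands in for vgic_allocate_private_irqs_locked() returning an error, and the zero-filled dist is an assumption standing in for freshly zero-allocated kernel memory.

```c
/* Toy model of the ordering bug, not the kernel's vgic code: the list type,
 * struct and function names are constructed, and "fail" stands in for
 * vgic_allocate_private_irqs_locked() returning an error. */
#include <stdbool.h>
#include <string.h>
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h)
{ n->next = h->next; n->prev = h; h->next->prev = n; h->next = n; }
struct vgic_dist { struct list_head rd_regions; }; /* redistributor regions */

/* Before the fix: rd_regions is initialised only after the fallible step. */
static int create_before_fix(struct vgic_dist *d, bool fail)
{
    if (fail)
        return -1;               /* early exit: rd_regions is still zeroed memory */
    init_list_head(&d->rd_regions);
    return 0;
}

/* After the fix: static initialisation happens before anything can fail. */
static int create_after_fix(struct vgic_dist *d, bool fail)
{
    init_list_head(&d->rd_regions);
    return fail ? -1 : 0;
}

/* Teardown walks rd_regions. On a never-initialised (zeroed) head, next is NULL
 * and a real walk would dereference it; return -1 to stand in for that crash. */
static int dist_destroy(struct vgic_dist *d)
{
    int freed = 0;
    if (d->rd_regions.next == NULL)
        return -1;
    for (struct list_head *p = d->rd_regions.next; p != &d->rd_regions; p = p->next)
        freed++;
    init_list_head(&d->rd_regions);
    return freed;
}
/* Create on a zero-filled dist (assumed, like zero-allocated kernel memory),
 * add one constructed region if creation succeeded, then tear down. */
static int create_then_destroy(bool fixed, bool fail)
{
    struct vgic_dist d;
    struct list_head region;
    memset(&d, 0, sizeof d);
    if ((fixed ? create_after_fix : create_before_fix)(&d, fail) == 0)
        list_add(&region, &d.rd_regions);
    return dist_destroy(&d);
}
```

Only the unfixed create followed by a failed allocation hands teardown an uninitialised list; every other path tears down cleanly.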


How can this vulnerability impact me?

This vulnerability can lead to improper handling of the virtual Generic Interrupt Controller's redistributor regions during failure scenarios in the KVM arm64 virtualization environment. Specifically, if initialization fails, subsequent cleanup attempts may operate on uninitialized data structures, potentially causing kernel instability or crashes.

Such instability could affect the reliability and availability of virtual machines running on affected Linux kernels, possibly leading to denial of service conditions or unexpected system behavior.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by ensuring that the vgic dist/redist regions are eagerly initialized during vgic creation in the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

This fix involves moving all static initialization early and ensuring proper teardown if initialization fails, preventing uninitialized memory access during kvm_vgic_create and kvm_vgic_dist_destroy operations.

