CVE-2026-53343
Received - Intake

KASAN VMAP Stack Shadow Alignment Fault in Linux Kernel


Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow

Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned.

ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init.

Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: *

CWE
CWE ID Description
CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel on ARM architectures. It involves the use of a word-sized load instruction (ldr) to read from the KASAN VMAP stack shadow memory in the __switch_to() function. The KASAN shadow memory is byte-granular and not guaranteed to be word aligned, but the code was using a word load which can cause alignment faults on ARMv5 processors.

Specifically, with CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB systems can crash with an alignment exception during context switching (__switch_to()). The fix changes the load instruction to a byte load (ldrb), which matches the byte granularity of the shadow memory and prevents the alignment fault.

Impact Analysis

This vulnerability can cause ARMv5-based systems running the affected Linux kernel with certain configurations (CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK) to crash due to alignment exceptions during context switches. This can lead to system instability or denial of service on affected hardware.

Mitigation Strategies

The vulnerability is resolved by changing the dummy read from the KASAN VMAP stack shadow in the Linux kernel from a word load (ldr) to a byte load (ldrb) to avoid alignment exceptions on ARMv5 architectures.

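To mitigate this vulnerability, update your Linux kernel to a version that includes the fix, "ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow". Commit 44e9a3bb76e5 is the earlier change that introduced the word-sized dummy read, not the fix.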
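
To decide which builds need the updated kernel first, the following added example (not code from the kernel tree or from this advisory) checks a kernel .config for the crashing combination named in the description. It assumes CONFIG_CPU_32v5 identifies an ARMv5 build; the function names and the sample configs are constructed for illustration. A match says only that the build uses the crashing configuration, not whether the fix is already applied.

```shell
#!/bin/sh
# Added example (not kernel or advisory code): report whether a kernel .config
# matches the crashing combination described above.
# Assumption: CONFIG_CPU_32v5 marks an ARMv5 build (selected by ARM926T targets).

REQUIRED="CONFIG_KASAN_VMALLOC CONFIG_VMAP_STACK CONFIG_CPU_32v5"

# Succeeds if SYMBOL ($2) is built in (=y) in the config file ($1).
config_has() {
    grep -q "^$2=y\$" "$1"
}

# Prints "affected-config" when every required symbol is set, otherwise
# "not-affected-config missing:<symbols>" so the reason is visible.
exposure_status() {
    missing=""
    for sym in $REQUIRED; do
        config_has "$1" "$sym" || missing="$missing $sym"
    done
    if [ -z "$missing" ]; then
        echo "affected-config"
    else
        echo "not-affected-config missing:$missing"
    fi
}

# Constructed sample configs, written to a temp dir so the script runs offline.
make_samples() {
    SAMPLES=$(mktemp -d)
    printf '%s\n' CONFIG_CPU_32v5=y CONFIG_KASAN=y CONFIG_KASAN_VMALLOC=y \
        CONFIG_VMAP_STACK=y > "$SAMPLES/armv5_kasan.config"
    printf '%s\n' CONFIG_CPU_32v5=y '# CONFIG_KASAN_VMALLOC is not set' \
        CONFIG_VMAP_STACK=y > "$SAMPLES/armv5_plain.config"
}

make_samples
for f in "$SAMPLES"/*.config; do
    echo "$(basename "$f"): $(exposure_status "$f")"
done
```

Point `exposure_status` at the .config used for a given image to triage real builds.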
