CVE-2026-53346
Received Received - Intake

Linux Kernel Unwind Table Flag Fix for Rust

Vulnerability report for CVE-2026-53346, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated functions such as 'asan.module_ctor' do not receive the uwtable annotation. When CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this leads to boot failures because the dwarf information emitted for the kasan constructors is wrong, which causes the SCS boot patching code to patch the constructor in an illegal manner. Specifically, the paciasp instruction is patched, but the autiasp instruction is not. This mismatch leads to a crash when the constructor is called during boot. ================================================================== BUG: KASAN: global-out-of-bounds in do_basic_setup+0x4c/0x90 Read of size 8 at addr ffffffe3cc7eb488 by task swapper/0/1 Specifically the faulting instruction is the (*fn)() to invoke the constructor in do_ctors() of the init/main.c file. Once the fix lands in rustc, this flag can be made conditional on the rustc version. Note that passing the flag on a rustc with the fix present has no effect. [ The fix [1] has landed for Rust 1.98.0 (expected release on 2026-08-20). Thus add a version check as discussed. - Miguel ] [ Adjusted link and comment. - Miguel ]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rust rust to 1.98.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's use of Rust code on the arm64 architecture. Due to a bug in the Rust compiler (rustc), a specific compiler flag (-Cforce-unwind-tables=y) only applies the uwtable annotation to functions but not to the entire module. This causes certain compiler-generated functions, like 'asan.module_ctor', to miss this annotation.

When a kernel configuration option called CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this missing annotation leads to incorrect dwarf debugging information for kernel address sanitizer (kasan) constructors. As a result, the kernel's boot patching code incorrectly patches these constructors, causing a mismatch in patched instructions and ultimately leading to a crash during system boot.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during the boot process on affected systems using the arm64 architecture with Rust code and the specific kernel configuration enabled. The crash occurs because of incorrect patching of kernel constructors, leading to boot failures and potentially rendering the system unbootable until the issue is fixed.

Mitigation Strategies

This vulnerability is related to a rustc compiler bug affecting the Linux kernel's arm64 architecture when CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, causing boot failures due to incorrect patching of constructors.

Immediate mitigation involves ensuring that the rustc compiler version used includes the fix for this bug, which is expected to be released in Rust 1.98.0 (around 2026-08-20). Until then, avoid using the -Cforce-unwind-tables=y flag on affected builds or apply patches that conditionally set this flag based on rustc version.

Additionally, monitor kernel boot logs for KASAN errors related to global-out-of-bounds reads in do_basic_setup or crashes during constructor invocation, which indicate the presence of this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart