Skip to main content

Linux Kernel CVE-2026-43045

| EUVDEUVD-2026-26644 MEDIUM
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 08, 2026 - 14:07 vuln.today
CVSS changed
May 08, 2026 - 14:07 NVD
5.5 (MEDIUM)
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26644
CVE Published
May 01, 2026 - 14:15 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix error handling in mshv_region_pin

The current error handling has two issues:

First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin all requested pages. This is treated as success, leading to partially pinned regions being used, which causes memory corruption.

Second, when an error occurs mid-loop, already pinned pages from the current batch are not properly accounted for before calling mshv_region_invalidate_pages(), causing a page reference leak.

Treat short pins as errors and fix partial batch accounting before cleanup.

AnalysisAI

Memory corruption and page reference leaks in the Linux kernel mshv (Microsoft Hyper-V) module occur when pin_user_pages_fast() returns a partial pin count, which the current code incorrectly treats as success. A local authenticated attacker with privileges can trigger this vulnerability to corrupt memory or cause denial of service on systems using the mshv module, particularly in Hyper-V guest environments.

Technical ContextAI

The mshv_region_pin function in the Linux kernel's Microsoft Hyper-V module uses pin_user_pages_fast() to pin user memory pages for direct access by hypervisor code. The pin_user_pages_fast() function can legitimately return a count less than requested (short pins) when unable to pin all pages at once - this is documented behavior for handling memory pressure or fragmentation. The vulnerable code treats any non-negative return as success without validating that the requested number of pages was actually pinned. Additionally, when errors occur during subsequent iterations of a pinning loop, pages already pinned in the current batch are not accounted for in the cleanup path, causing reference count leaks. This is rooted in improper error handling logic rather than a bounds-checking flaw, though the CWE is not specified in the advisory data.

RemediationAI

Apply the kernel patch from commit a7d149152bc5a9119854331c57be35ad31fdf5cc or c0e296f257671ba10249630fe58026f29e4804d9 by upgrading to Linux 6.19.12, 7.0, or later stable releases. For systems unable to immediately upgrade, disable the mshv module if not required for Hyper-V guest functionality by adding 'blacklist mshv' to kernel module blacklist configuration (typically /etc/modprobe.d/blacklist.conf) and reboot. This prevents any exploitation but removes Microsoft Hyper-V integration features. Alternatively, restrict local access to unprivileged users if mshv is not required for non-administrative workloads, reducing the attack surface to privileged local attackers only. Monitor kernel security advisories from your Linux distribution (Red Hat, Canonical, SUSE, etc.) for backported fixes to stable kernel branches you are using, as they may lag upstream releases.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43045 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy