Skip to main content

Linux Kernel CVE-2026-43124

| EUVDEUVD-2026-27683 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-06 Linux GHSA-8ww7-x5r5-3g8j
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 20:34 vuln.today
CVSS changed
May 08, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

pstore: ram_core: fix incorrect success return when vmap() fails

In persistent_ram_vmap(), vmap() may return NULL on failure.

If offset is non-zero, adding offset_in_page(start) causes the function to return a non-NULL pointer even though the mapping failed. persistent_ram_buffer_map() therefore incorrectly returns success.

Subsequent access to prz->buffer may dereference an invalid address and cause crashes.

Add proper NULL checking for vmap() failures.

AnalysisAI

Denial of service via null pointer dereference in Linux kernel's pstore persistent storage subsystem occurs when the vmap() function fails but the persistent_ram_vmap() function incorrectly returns success if a non-zero offset is present, allowing subsequent buffer access to dereference invalid memory and cause system crashes. Affects Linux kernel versions prior to 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0. No public exploit identified at time of analysis, but vendor-released patches are available across multiple stable branches.

Technical ContextAI

The vulnerability exists in the pstore (persistent storage) subsystem's ram_core module, specifically in the persistent_ram_vmap() function which maps persistent RAM regions into kernel virtual address space using the vmap() function. When vmap() fails and returns NULL, the function should propagate this error; however, due to arithmetic involving offset_in_page(start), a non-NULL pointer can be returned even on failure. The caller, persistent_ram_buffer_map(), cannot distinguish between success and failure, leading to subsequent code accessing prz->buffer through an invalid virtual address. This violates CWE-476 (Null Pointer Dereference) principles by failing to check for NULL return values from system functions before dereferencing them.

RemediationAI

Apply vendor-released patches immediately: upgrade to Linux 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0 depending on your kernel branch. Patches for each stable branch are available via https://git.kernel.org/stable/ (see references for specific commit hashes). For systems unable to patch immediately, disable the pstore subsystem if not required for persistent crash logging - this eliminates the attack surface but loses kernel crash data persistence. Monitor systems for unexpected kernel crashes or denial of service events in environments with pstore enabled, as these may indicate exploitation or exposure to vmap() allocation failures under memory pressure.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43124 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy