Skip to main content

Linux Kernel CVE-2026-43363

| EUVDEUVD-2026-28669 MEDIUM
2026-05-08 Linux GHSA-j96g-282q-pp54
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 18:31 vuln.today
CVSS changed
May 15, 2026 - 16:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

x86/apic: Disable x2apic on resume if the kernel expects so

When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or for other reasons. This causes the kernel to continue using the xapic interface, while the hardware is in x2apic mode, which causes hangs. This happens on defconfig + bare metal + s2ram.

Fix this in lapic_resume() by disabling x2apic if the kernel expects it to be disabled, i.e. when x2apic_mode = 0.

The ACPI v6.6 spec, Section 16.3 [1] says firmware restores either the pre-sleep configuration or initial boot configuration for each CPU, including MSR state:

When executing from the power-on reset vector as a result of waking from an S2 or S3 sleep state, the platform firmware performs only the hardware initialization required to restore the system to either the state the platform was in prior to the initial operating system boot, or to the pre-sleep configuration state. In multiprocessor systems, non-boot processors should be placed in the same state as prior to the initial operating system boot.

(further ahead)

If this is an S2 or S3 wake, then the platform runtime firmware restores minimum context of the system before jumping to the waking vector. This includes:

CPU configuration. Platform runtime firmware restores the pre-sleep configuration or initial boot configuration of each CPU (MSR, MTRR, firmware update, SMBase, and so on). Interrupts must be disabled (for IA-32 processors, disabled by CLI instruction).

(and other things)

So at least as per the spec, re-enablement of x2apic by the firmware is allowed if "x2apic on" is a part of the initial boot configuration.

[1] https://uefi.org/specs/ACPI/6.6/16_Waking_and_Sleeping.html#initialization

[ bp: Massage. ]

AnalysisAI

System hangs on Linux kernel resume from s2ram when firmware re-enables x2apic mode that kernel disabled during boot. Affects x86 systems with APIC hardware where kernel disabled x2apic (due to missing IRQ remapping support or other reasons) but ACPI-compliant firmware restores x2apic to initial boot state per spec. Kernel continues using xapic interface while hardware operates in x2apic mode, causing denial of service through system freezes. CVSS 5.5 (local low-complexity authenticated attack, high availability impact). EPSS 0.02% (7th percentile) indicates low observed exploitation probability. Vendor patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0 mainline). No KEV listing or public exploit identified at time of analysis.

Technical ContextAI

The x2apic (extended xAPIC) is an enhanced interrupt controller mode introduced in x86 processors that extends the original xAPIC with improved performance and scalability. The Linux kernel may disable x2apic during boot if interrupt remapping hardware is unavailable or for compatibility reasons, setting x2apic_mode=0 and continuing to use the legacy xAPIC MMIO interface. Per ACPI specification v6.6 Section 16.3, firmware restoring system state from S2/S3 sleep may legitimately restore CPU MSR state to either pre-sleep or initial boot configuration. If initial boot had x2apic enabled in hardware but kernel subsequently disabled it, firmware resume can create a mismatch: hardware enters x2apic mode while kernel driver attempts xAPIC memory-mapped I/O operations. The x2apic uses MSR-based access (RDMSR/WRMSR to 0x800-0x8FF range) incompatible with xAPIC MMIO at 0xFEE00000, causing instruction decode failures or ignored writes that manifest as interrupt delivery failures and system hangs. The fix in lapic_resume() explicitly disables x2apic in hardware during resume when kernel expects it disabled, ensuring hardware/software state consistency.

RemediationAI

Update to patched Linux kernel versions: 5.10.253+ for 5.10 LTS branch, 5.15.203+ for 5.15 LTS, 6.1.167+ for 6.1 LTS, 6.6.130+ for 6.6 stable, 6.12.78+ for 6.12, 6.18.19+ for 6.18, 6.19.9+ for 6.19, or 7.0+ mainline. Patches available from git.kernel.org/stable with commit references provided above. For systems unable to immediately upgrade, workaround is to avoid suspend-to-RAM (s2ram) operations on affected configurations-disable suspend functionality via kernel command line parameter (e.g., acpi_sleep=s3_bios or entirely disable via systemd sleep.conf). Trade-off: disabling suspend eliminates power management benefits and mobility use cases for laptops. Alternative mitigation on systems with IRQ remapping capable hardware: enable x2apic support if previously disabled for non-technical reasons, though this requires verification that IRQ remapping hardware is present and functional (check dmesg for 'IRQ remapping' messages during boot). This changes system interrupt architecture and requires testing. For enterprise bare-metal deployments, prioritize patching over workarounds due to operational impact. Vendor advisories and patch commits available at https://nvd.nist.gov/vuln/detail/CVE-2026-43363 and linked git.kernel.org stable tree commits.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43363 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy