What is the CVSS score of CVE-2026-43438?

CVE-2026-43438 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2026-43438?

CVE-2026-43438 is a local privilege escalation vulnerability in the Linux kernel sched_ext subsystem that allows low-privileged users to execute arbitrary code with kernel-level access.. A patch is available.

Linux Kernel CVE-2026-43438

EUVD-2026-28744 HIGH

Use After Free (CWE-416)

2026-05-08 Linux

GHSA-h262-73j6-24h2

Information Disclosure Linux Use After Free Memory Corruption

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 11, 2026 - 08:35 vuln.today

CVSS changed

May 11, 2026 - 08:22 NVD

7.8 (HIGH)

Patch available

May 08, 2026 - 16:18 EUVD

CVE Published

May 08, 2026 - 14:22 nvd

UNKNOWN (no severity yet)

CVE Published

May 08, 2026 - 14:22 nvd

HIGH 7.8

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Remove redundant css_put() in scx_cgroup_init()

The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs.

According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow.

Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.

AnalysisAI

Reference count underflow in Linux kernel sched_ext subsystem enables local privilege escalation to execute arbitrary code with kernel privileges. The flaw affects kernel versions 6.12 through 6.19.x (prior to patched releases 6.12.78, 6.18.19, 6.19.9, 7.0), scoring CVSS 7.8 with local attack vector requiring low privileges. …

RemediationAI

Within 24 hours: Inventory all systems running Linux kernel versions 6.12 through 6.19.x and categorize by criticality and workload. Within 7 days: Deploy patched kernel versions (6.12.78, 6.18.19, 6.19.9, or 7.0 and later) to non-production systems and schedule maintenance windows for production systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

CVE-2026-45837 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork

CVE-2026-45838 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_ge

Vendor StatusVendor

CVE-2026-43438 vulnerability details – vuln.today

Back

Linux Kernel CVE-2026-43438

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code