Skip to main content

Linux Kernel CVE-2026-43461

| EUVDEUVD-2026-28767 HIGH
2026-05-08 Linux GHSA-x288-7jx3-2597
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:37 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:22 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 14:22 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic: spifc-a4: Fix DMA mapping error handling

Fix three bugs in aml_sfc_dma_buffer_setup() error paths:

  1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails,

nothing needs cleanup. Use direct return instead of goto.

  1. Double-unmap bug: When info DMA mapping failed, the code would

unmap sfc->daddr inline, then fall through to out_map_data which would unmap it again, causing a double-unmap.

  1. Wrong unmap size: The out_map_info label used datalen instead of

infolen when unmapping sfc->iaddr, which could lead to incorrect DMA sync behavior.

AnalysisAI

Memory corruption in Linux kernel's Amlogic SPI Flash Controller A4 driver allows local authenticated attackers with low privileges to escalate privileges, corrupt memory, or cause denial of service through improper DMA mapping error handling. The vulnerability stems from three distinct bugs in aml_sfc_dma_buffer_setup() that can trigger double-unmapping and incorrect DMA synchronization. EPSS score of 0.02% (4th percentile) indicates low exploitation likelihood in the wild. Vendor patches are available for affected kernel versions 6.18.x and 6.19.x, with fixes backported to stable branches.

Technical ContextAI

The vulnerability affects the Amlogic SPI Flash Controller A4 driver (spifc-a4) in the Linux kernel's SPI subsystem. SPI (Serial Peripheral Interface) controllers manage communication with flash memory devices. The specific component, aml_sfc_dma_buffer_setup(), handles Direct Memory Access (DMA) buffer setup for data transfers. DMA mapping is a critical operation that prepares memory buffers for hardware access, and errors in this process can lead to memory corruption. The three distinct bugs include: (1) unnecessary error path logic when sfc->daddr mapping fails, (2) a double-unmap condition where sfc->daddr gets unmapped twice when info DMA mapping fails - once inline and again via the out_map_data cleanup path, and (3) incorrect size parameter in the out_map_info cleanup path that uses datalen instead of infolen when unmapping sfc->iaddr. These bugs violate fundamental DMA API usage rules and can corrupt kernel memory management structures, potentially leading to use-after-free conditions or memory leaks.

RemediationAI

Upgrade to patched Linux kernel versions: 6.18.19 or later for 6.18.x series, 6.19.9 or later for 6.19.x series, or 7.0 and above for mainline kernels. Upstream patches available at https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fce909f254b7180ab (6.19.9), https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9cbadf2266db4c9a (6.18.19), and https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d1664e8f2a0ac67000 (mainline 7.0). Consult vendor advisories at https://nvd.nist.gov/vuln/detail/CVE-2026-43461 for distribution-specific patches. If immediate patching is not feasible, disable the Amlogic SPI Flash Controller A4 driver by blacklisting the kernel module (add 'blacklist spifc_a4' to /etc/modprobe.d/blacklist.conf) - this prevents driver loading but will disable SPI flash functionality, breaking systems that boot from or depend on SPI flash storage. Alternative mitigation: restrict local user access through mandatory access control policies (SELinux/AppArmor) to prevent untrusted users from triggering driver code paths, though this provides defense-in-depth rather than complete protection. Verify hardware inventory to confirm presence of Amlogic A4 SPI controllers before prioritizing remediation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy