Skip to main content

Linux Kernel EUVDEUVD-2026-27568

| CVE-2026-43079 MEDIUM
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 01, 2026 - 19:46 vuln.today
CVSS changed
Jun 01, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Skip discovery table for offline dies

This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0.

WARNING: CPU: 9 PID: 7257 at uncore.c:1157 uncore_pci_pmu_register+0x136/0x160 [intel_uncore]

Currently, the discovery table continues to be parsed even if all CPUs in the associated die are offline. This can lead to an array overflow at "pmu->boxes[die] = box" in uncore_pci_pmu_register(), which may trigger the warning above or cause other issues.

AnalysisAI

Out-of-bounds array write in the Linux kernel's Intel uncore PMU driver (perf/x86/intel/uncore) causes denial of service on affected Intel multi-die x86 systems. The driver fails to skip discovery table parsing for dies whose CPUs are all offline at boot, allowing the assignment pmu->boxes[die] = box in uncore_pci_pmu_register() to overflow the boxes array, triggering a kernel WARN or potential memory corruption. Exploitation requires local low-privilege access under a specific hardware and boot configuration; no public exploit exists and EPSS is 0.02%, indicating negligible real-world exploitation likelihood.

Technical ContextAI

The Intel uncore performance monitoring unit (PMU) driver (drivers/perf/x86/intel/uncore) parses a hardware discovery table at boot to enumerate and register monitoring boxes for each CPU die. The flaw, introduced at commit edae1f06c2cda41edffc93de6aedc8ba8dc883c3, is that the driver does not guard against processing dies where every associated logical CPU is offline. This is possible when the kernel boots with NUMA disabled (numa=off) and with a CPU count lower than the die 0 CPU count (e.g., via nr_cpus parameter). In uncore_pci_pmu_register() at line 1157, the write pmu->boxes[die] = box uses die as an index without validating that the die is online, producing an out-of-bounds write. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* covers all affected Linux kernel versions up to the patch boundaries. CWE is unassigned by NVD, but the EUVD/VulDB tag of 'Buffer Overflow' is consistent with CWE-787 (Out-of-bounds Write). The intel_uncore module must be loaded for this code path to execute.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel release: 7.0, 6.19.14, 6.6.136, 6.12.83, or 6.18.24, selecting the appropriate stable branch for your distribution. Stable-tree commits confirming the fix include cfab2c817d2e7e0bee98d66850246ce842ed5f18, 6cfc187d85f18f976d0fe527d4c6f6171542cc19, f34feda8e0c9535fee3f8870ce8bab53c2798f71, 7a2cb02437d92ed14fe494d8994056d5bd2c72b4, and 7b568e9eba2fad89a696f22f0413d44cf4a1f892, all available at git.kernel.org. If patching is not immediately feasible, the following compensating controls eliminate the triggering conditions: (1) Remove the numa=off boot parameter to re-enable NUMA - this prevents the die/CPU mismatch that exposes the overflow, with no significant side effect on most workloads; (2) Avoid restricting CPU count at boot via nr_cpus or CPU hotplug on affected Intel multi-die systems; (3) As a last resort, unload or blacklist the intel_uncore kernel module (modprobe -r intel_uncore), which prevents the vulnerable code path from executing but disables all Intel uncore hardware performance monitoring, impacting profiling and observability tools. Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-43079 and https://vuldb.com/vuln/361302.

More in Intel

View all
CVE-2017-5689 CRITICAL POC
9.8 May 02

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana

CVE-2012-5958 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2012-5959 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5964 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5963 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5961 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5965 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5962 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5960 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2015-2291 HIGH POC
7.8 Aug 09

Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0

CVE-2024-44308 HIGH
8.8 Nov 20

Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously cra

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy