Skip to main content

Linux Kernel EUVDEUVD-2026-27709

| CVE-2026-43150 HIGH
Out-of-bounds Write (CWE-787)
2026-05-06 Linux GHSA-wh2v-8c6h-56m5
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:31 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

perf/arm-cmn: Reject unsupported hardware configurations

So far we've been fairly lax about accepting both unknown CMN models (at least with a warning), and unknown revisions of those which we do know, as although things do frequently change between releases, typically enough remains the same to be somewhat useful for at least some basic bringup checks. However, we also make assumptions of the maximum supported sizes and numbers of things in various places, and there's no guarantee that something new might not be bigger and lead to nasty array overflows. Make sure we only try to run on things that actually match our assumptions and so will not risk memory corruption.

We have at least always failed on completely unknown node types, so update that error message for clarity and consistency too.

AnalysisAI

Buffer overflow in Linux kernel's ARM CMN performance monitoring driver allows local attackers with low privileges to execute arbitrary code and gain elevated access. The perf/arm-cmn driver fails to validate hardware configuration parameters against assumed maximum sizes, enabling memory corruption through crafted CMN device configurations. While EPSS indicates low exploitation probability (0.02%), patches are available across all maintained kernel branches (6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0) per vendor advisories. The local attack vector and requirement for low-privileged user access limit remote exploitation scenarios.

Technical ContextAI

This vulnerability affects the Linux kernel's ARM Coherent Mesh Network (CMN) performance monitoring subsystem (perf/arm-cmn driver). CMN is an ARM interconnect technology used in high-performance server and datacenter processors for cache coherency and system-wide performance monitoring. The driver historically accepted unknown CMN hardware models and revisions with minimal validation, making assumptions about maximum supported configuration sizes without enforcing bounds checking. When encountering newer or non-standard CMN hardware with larger-than-expected node counts or configuration parameters, the driver performs array indexing operations that exceed statically allocated buffer sizes, resulting in classic buffer overflow conditions. The CWE classification is not provided in NVD data, but the description and tags clearly indicate CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) or CWE-120 (Buffer Overflow). The affected CPE strings indicate vulnerability exists across the mainline Linux kernel codebase in ARM-specific performance monitoring code paths.

RemediationAI

Update to patched Linux kernel versions: 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0 depending on your stable branch. Patch commits implement strict validation of CMN hardware configuration parameters against driver assumptions before allowing perf operations. Upstream fixes available at https://git.kernel.org/stable/c/08c7eadd8a934a1968e1aeeee8b61b853b99fb3a (mainline) with backports to stable branches via commits 36c0de02575c, a251d866f50b, d3e837e11ee9, 00d69f21ef2a, and 7e2c200010aa. If immediate patching is not feasible, restrict local user access to perf subsystem by removing CAP_PERFMON and CAP_SYS_ADMIN capabilities from untrusted users via kernel.perf_event_paranoid sysctl set to 3 (root-only access) - this prevents unprivileged users from triggering vulnerable code paths but eliminates legitimate performance monitoring capabilities for non-root users. For environments using kernel lockdown mode, ensure 'integrity' or 'confidentiality' mode is enabled as this restricts perf operations that could be exploited. Note that blocking perf access impacts system observability and may break performance monitoring tools and profilers used by development and operations teams.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27709 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy