Skip to main content

Linux Kernel EUVDEUVD-2026-27711

| CVE-2026-43148 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-06 Linux GHSA-7xgq-2f8h-fvh6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:58 vuln.today
CVSS changed
May 13, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()

As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().

AnalysisAI

NULL pointer dereference in the Linux kernel's powerpc/smp subsystem allows a local authenticated user to crash the kernel, causing a denial of service on PowerPC-based systems. The parse_thread_groups() function passes the return value of kcalloc() directly to of_property_read_u32_array() without validating it for NULL, meaning a failed memory allocation - possible under memory pressure - leads to a kernel panic or oops. No public exploit code exists and this vulnerability is not in CISA KEV; with an EPSS of 0.02% (7th percentile) and architecture-specific scope limited to PowerPC, real-world exploitation risk is low but relevant to IBM POWER server deployments running Red Hat or SUSE Linux.

Technical ContextAI

The vulnerability resides in the powerpc/smp (symmetric multiprocessing) subsystem of the Linux kernel, specifically in parse_thread_groups(), a function that parses CPU thread group topology from Open Firmware device tree properties during SMP initialization or CPU hotplug events. The function calls kcalloc() - a kernel zero-initializing array allocator - and then unconditionally passes the resulting pointer to of_property_read_u32_array() without first checking whether the allocation succeeded. Under low-memory conditions, kcalloc() is permitted by the kernel memory subsystem to return NULL, causing the subsequent dereference to trigger a NULL pointer dereference (CWE-476), typically manifesting as a kernel oops or panic. The vulnerability was introduced at commit 790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2 and affects the kernel from version 5.11 onward across multiple long-term stable branches, as confirmed by CPE cpe:2.3:a:linux:linux and EUVD-2026-27711 version data. The fix is a standard missing-NULL-check addition before the pointer is used.

RemediationAI

The primary remediation is upgrading to a patched Linux kernel release on the affected stable branch: 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0, as applicable to the deployed kernel series. Upstream stable fixes are available at https://git.kernel.org/stable/c/1de31dba19c3cd0c1caf388a286b46df638f0b91, https://git.kernel.org/stable/c/9b85c8f624b0f8cf9b932f5a65dacd56a1f47a72, and five additional stable commits covering different branches. Red Hat and SUSE customers running PowerPC-architecture systems should monitor their respective vendor security advisories for downstream kernel package updates, as no specific vendor advisory URL was included in the available data. As a compensating control where immediate patching is not feasible, restricting local user access on affected PowerPC systems reduces the attacker's ability to induce memory pressure conditions; however, this has the operational trade-off of limiting legitimate administrative activity and does not eliminate the underlying code defect.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27711 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy