Skip to main content

Linux Kernel EUVDEUVD-2026-27817

| CVE-2026-43258 HIGH
Out-of-bounds Write (CWE-787)
2026-05-06 Linux GHSA-rj9j-qfgp-687w
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:44 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

alpha: fix user-space corruption during memory compaction

Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled.

Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned tcache chunk"), and compiler internal errors. The failures disappear when compaction is disabled or when using global TLB invalidation.

The root cause is insufficient TLB shootdown during page migration. Alpha relies on ASN-based MM context rollover for instruction cache coherency, but this alone is not sufficient to prevent stale data or instruction translations from surviving migration.

Fix this by introducing a migration-specific helper that combines:

  • MM context invalidation (ASN rollover),
  • immediate per-CPU TLB invalidation (TBI),
  • synchronous cross-CPU shootdown when required.

The helper is used only by migration/compaction paths to avoid changing global TLB semantics.

Additionally, update flush_tlb_other(), pte_clear(), to use READ_ONCE()/WRITE_ONCE() for correct SMP memory ordering.

This fixes observed crashes on both UP and SMP Alpha systems.

AnalysisAI

Local privilege escalation and memory corruption in Linux kernel on Alpha architecture allows authenticated users to execute arbitrary code, corrupt heap memory, or crash systems via insufficient TLB shootdown during memory compaction. The vulnerability affects Alpha systems exclusively and manifests as SIGSEGV crashes, glibc allocator corruption, and compiler failures. EPSS score of 0.02% indicates low likelihood of widespread exploitation, though vendor patches are available across multiple stable kernel branches. Attack requires local authenticated access with low complexity (CVSS AV:L/AC:L/PR:L), limiting remote exploitation scenarios.

Technical ContextAI

This vulnerability affects the Linux kernel's memory management subsystem specifically on the Alpha CPU architecture. The root cause is a failure in Translation Lookaside Buffer (TLB) synchronization during page migration and memory compaction operations. Alpha processors use Address Space Number (ASN) based memory management context switching for instruction cache coherency, but this mechanism alone cannot guarantee that stale TLB entries are properly invalidated when pages are migrated during compaction. The vulnerability arises because Alpha's MM context rollover does not include adequate cross-CPU TLB shootdown operations, allowing outdated virtual-to-physical address translations to persist after page migration. This creates a race condition where user-space processes may reference stale physical addresses, resulting in heap corruption and segmentation faults. The fix introduces a migration-specific helper combining ASN rollover, immediate per-CPU TLB invalidation via TBI instruction, and synchronous cross-CPU TLB shootdown, while also adding proper memory ordering primitives (READ_ONCE/WRITE_ONCE) to flush_tlb_other() and pte_clear() functions to prevent compiler reordering issues in SMP environments.

RemediationAI

Upgrade to patched Linux kernel versions: 6.12.75, 6.18.16, 6.19.6, or 7.0 depending on your current stable branch. Patches are available from the official Linux kernel stable git repository at https://git.kernel.org/stable/c/d4ca6ca2c6f5a1d19d9014c5b36d96637846b5d6 (and related commit URLs in references). For systems where immediate patching is not feasible, disable memory compaction as a temporary workaround by setting /proc/sys/vm/compact_memory to 0 or using kernel parameter 'nocompaction', though this may result in memory fragmentation and reduced performance under memory pressure. Alternatively, enable global TLB invalidation if supported by your kernel configuration, which eliminates the race condition but incurs performance overhead on SMP systems. Note that disabling compaction trades reliability for potential out-of-memory conditions in long-running systems with fragmented memory. For production Alpha systems, patching is strongly recommended over workarounds. Verify patch application by checking kernel version with 'uname -r' and confirm absence of crash symptoms post-upgrade.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27817 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy