CVE-2026-43240

MEDIUM

x86/kexec: add a sanity check on previous kernel's ima kexec buffer

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=<size>", the physical range that contains the carried over IMA measurement list may fall outside the truncated RAM leading to a kernel panic. BUG: unable to handle page fault for address: ffff97793ff47000 RIP: ima_restore_measurement_list+0xdc/0x45a #PF: error_code(0x0000) – not-present page Other architectures already validate the range with page_is_ram(), as done in commit cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer against memory bounds") do a similar check on x86. Without carrying the measurement list across kexec, the attestation would fail.

References (6)

Core 6

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (15)
Linux/Linux < 6.0
Linux/Linux 6.0
Linux/Linux 6.1.165 - 6.1.*
Linux/Linux 6.12.75 - 6.12.*
Linux/Linux 6.18.16 - 6.18.*
Linux/Linux 6.19.6 - 6.19.*
Linux/Linux 6.6.128 - 6.6.*
Linux/Linux 7.0
Linux/Linux b69a2afd5afce9bf6d56e349d6ab592c916e20f2 - 22e460b6333a5f818b042ac89201f8e735556f4a
Linux/Linux b69a2afd5afce9bf6d56e349d6ab592c916e20f2 - 37f18915a261afe84dab462624ed829cddb77a9b
... and 5 more
Published May 06, 2026
Tracked Since May 06, 2026