{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43210", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.993Z", "datePublished": "2026-05-06T11:28:13.609Z", "dateUpdated": "2026-05-06T11:28:13.609Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:28:13.609Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it for accessing next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the length of the event could be broken.\nIn that case, the new event (e + len) can point a wrong address.\nTo avoid invalid memory access at boot, check whether the length of\neach event is in the possible range before using it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ring_buffer.c"], "versions": [{"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "b4700c089a10f89de3a5149d57f8a58306458982", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "5026010110a5ad2268d8c23e1e286ab7c736f7ac", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "9eb80e54494ef1efef8a64bec4ffa672c9cf411e", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "912b0ee248c529a4f45d1e7f568dc1adddbf2a4a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ring_buffer.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b4700c089a10f89de3a5149d57f8a58306458982"}, {"url": "https://git.kernel.org/stable/c/5026010110a5ad2268d8c23e1e286ab7c736f7ac"}, {"url": "https://git.kernel.org/stable/c/9eb80e54494ef1efef8a64bec4ffa672c9cf411e"}, {"url": "https://git.kernel.org/stable/c/912b0ee248c529a4f45d1e7f568dc1adddbf2a4a"}], "title": "tracing: ring-buffer: Fix to check event length before using", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it for accessing next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the length of the event could be broken.\nIn that case, the new event (e + len) can point a wrong address.\nTo avoid invalid memory access at boot, check whether the length of\neach event is in the possible range before using it."}], "id": "CVE-2026-43210", "lastModified": "2026-05-06T13:07:51.607", "metrics": {}, "published": "2026-05-06T12:16:40.417", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5026010110a5ad2268d8c23e1e286ab7c736f7ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/912b0ee248c529a4f45d1e7f568dc1adddbf2a4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9eb80e54494ef1efef8a64bec4ffa672c9cf411e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4700c089a10f89de3a5149d57f8a58306458982"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: tracing: ring-buffer: Fix to check event length before using", "id": "2467162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467162"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1284", "details": ["A flaw was found in the Linux kernel's tracing ring-buffer subsystem. This vulnerability occurs in the `rb_read_data_buffer()` function, which fails to validate the length of an event before using it to determine the next memory address. If an event's length is corrupted, this can lead to an invalid memory access during system boot, potentially causing a denial of service (DoS) by crashing the system."], "name": "CVE-2026-43210", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43210\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43210\nhttps://lore.kernel.org/linux-cve-announce/2026050649-CVE-2026-43210-f4dd@gregkh/T"], "threat_severity": "Moderate"}