Buffer Overflow Vulnerability in Linux Kernel Affects io_uring Functionality
CVE-2026-43006
What is CVE-2026-43006?
The Linux kernel's io_uring feature incorrectly handles a zero-length fixed buffer import. When the length is zero, the validate_fixed_range() function accepts a buffer address at the boundary of the registered region. Because the checks are inadequate, the bvec skip logic then advances past the last bio_vec entry, potentially accessing non-allocated memory, which is an out-of-bounds memory access. To mitigate this issue, the io_import_fixed() function must return early when the length is zero, as no data is available for transfer. KASAN flagged this improper memory access, which indicates a risk of data leakage or application crashes.
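The following C program is an added example, not kernel code and not part of the original advisory: a user-space model of the flaw described above, run with and without the zero-length early return. The names reg_buf, seg, range_ok and import_model, the R_* codes and the sample region are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; struct and function names are hypothetical. */
struct seg { size_t len; };                 /* stands in for one bio_vec */
struct reg_buf { uint64_t base; size_t len; const struct seg *segs; size_t nr_segs; };

enum { R_REJECTED = -1, R_PAST_END = -2, R_EMPTY = -3 };

/* Constructed sample: two 4096-byte segments registered at 0x10000. */
static const struct seg SEGS[] = { { 4096 }, { 4096 } };
static const struct reg_buf REG = { 0x10000, 8192, SEGS, 2 };

/* Range check in the shape described: addr == base + len is accepted when len == 0. */
static int range_ok(const struct reg_buf *b, uint64_t addr, size_t len)
{
    uint64_t end = addr + len;
    return end >= addr && addr >= b->base && end <= b->base + b->len;
}

/*
 * Returns the index of the segment the transfer would start in, or an R_* code.
 * The loop is bounded so the model itself never reads out of bounds; reaching
 * nr_segs marks the point where an unbounded skip would touch segs[nr_segs].
 */
static int import_model(const struct reg_buf *b, uint64_t addr, size_t len, int early_return)
{
    size_t off, i = 0;

    if (!range_ok(b, addr, len))
        return R_REJECTED;
    if (early_return && len == 0)
        return R_EMPTY;                     /* the fix: nothing to transfer */
    off = (size_t)(addr - b->base);
    while (i < b->nr_segs && off >= b->segs[i].len)
        off -= b->segs[i++].len;
    return i == b->nr_segs ? R_PAST_END : (int)i;
}

int main(void)
{
    uint64_t end = REG.base + REG.len;
    printf("no early return, len 0 at end: %d\n", import_model(&REG, end, 0, 0));
    printf("early return,    len 0 at end: %d\n", import_model(&REG, end, 0, 1));
    printf("len 100 in second segment:     %d\n", import_model(&REG, REG.base + 4096, 100, 1));
    return 0;
}
```

For any non-zero length that passes the range check, the offset is strictly less than the registered length, so the skip always stops inside a valid segment; only the zero-length case can land on the boundary.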
Affected Version(s)
Linux 8622b20f23ed165f48b8ca61503a107d17f8d585 < 040a1e7e0e2f01851fec1dd2d96906f8636a9f75
Linux 8622b20f23ed165f48b8ca61503a107d17f8d585 < 40170fc1a79c1b2e68f09ae6aac687b7305ae6f4
Linux 8622b20f23ed165f48b8ca61503a107d17f8d585 < 111a12b422a8cfa93deabaef26fec48237163214