Out-of-Bounds Read Vulnerability in Linux Kernel's Dentry Hashtable Management
CVE-2026-43071

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-43071?

A vulnerability exists in the Linux kernel's management of the dentry hashtable, which can lead to an out-of-bounds read when the parameter 'dhash_entries' is set to 1. This condition results in insufficient bucket allocation, causing processes to access unallocated memory regions and potentially leading to system instability. The issue was resolved by enforcing a minimum of two buckets in the dentry hashtable, ensuring that calculations involving the d_hash_shift do not exceed the bit width of type u32, thus preventing the out-of-bounds access.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 426ef05e82ee52c8d0e95fc0808b7383d8352d73

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 755b40903eff563768d4d96fd4ef51ec48adde3b

References

https://git.kernel.org/stable/c/426ef05e82ee52c8d0e95fc08...

https://git.kernel.org/stable/c/ddd57ebce245f9c7e2f6902a6...

https://git.kernel.org/stable/c/755b40903eff563768d4d96fd...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43071 Data

JSON