Shadow Stacks Vulnerability in Linux Kernel Affecting Multiple Versions
CVE-2026-43109

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43109?

The Linux kernel has been identified with a vulnerability within the shadow stack implementation, specifically related to improper error handling during the memory mapping process. The function shstk_pop_sigframe() fails to adequately check for errors from mmap_read_lock_killable(). This oversight not only compromises the robustness of error detection but also highlights the lack of appropriate annotations, such as __must_check, in related functions. Recent updates have rectified these issues, enhancing overall system integrity and resilience against potential exploitation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 262b6d38a81d51b135db81e1f30c13d30e38feee

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 52f657e34d7b21b47434d9d8b26fa7f6778b63a0

References

https://git.kernel.org/stable/c/c64cebcc5c4f223dbcbe7dcdf...

https://git.kernel.org/stable/c/262b6d38a81d51b135db81e1f...

https://git.kernel.org/stable/c/52f657e34d7b21b47434d9d8b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43109 Data

JSON