Linux Kernel Vulnerability in Rust Binder - Affected by Process Offset Manipulation
CVE-2026-43433

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43433?

A vulnerability within the Rust Binder implementation of the Linux kernel allows for potential privilege escalation due to improper handling of an offsets array in a transaction. When a transaction is processed, the offsets array is copied into a target process's virtual memory area (vma). While this mapping is generally read-only, a compromised process could exploit its ability to write to its own vma, allowing it to manipulate offsets before they are read back. This misinterpretation could lead to serious security implications, as it may facilitate an unauthorized elevation of privileges for the receiver, especially if the payload is constructed in a specific manner. To mitigate the risk, the kernel's code has been adjusted to prevent this subtle time-of-check-to-time-of-use (TOCTOU) race condition that could be exploited under specific circumstances.

Affected Version(s)

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513 < 3672141c93b7a0c0132bf5d5021a4b7f1d663aaa

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513 < 4cb9e13fec0de7c942f5f927469beb8e48ddd20f

References

https://git.kernel.org/stable/c/e19afb53f7723b3bd22224f2b...

https://git.kernel.org/stable/c/3672141c93b7a0c0132bf5d50...

https://git.kernel.org/stable/c/4cb9e13fec0de7c942f5f9274...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43433 Data

JSON