Memory Management Vulnerability in Linux Kernel Affecting Rust Binder
CVE-2026-43434

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43434?

A vulnerability in the Linux kernel's Rust Binder component allows improper memory handling during page installations. When the Rust Binder tries to insert or remove pages, it can mistakenly target the wrong virtual memory area (VMA) if the initial VMA has been closed or replaced. This flaw permits unauthorized write access to binder pages, which are typically designed to be read-only, potentially leading to data corruption or injection. The issue arises from inadequate checks on ownership during memory operations, which can be exploited until a more robust VMA abstraction is implemented. A patch has been developed to enforce stricter validation, ensuring that Rust Binder interacts only with the correct VMA.

Affected Version(s)

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513 < 20a01f20d1f4064d90a8627aa41b5987f0220bb9

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513 < 5a472d04fb4b9115fb7d1535bd885cea450f14db

Linux eafedbc7c050c44744fbdf80bdf3315e860b7513 < 8ef2c15aeae07647f530d30f6daaf79eb801bcd1

References

https://git.kernel.org/stable/c/20a01f20d1f4064d90a8627aa...

https://git.kernel.org/stable/c/5a472d04fb4b9115fb7d1535b...

https://git.kernel.org/stable/c/8ef2c15aeae07647f530d30f6...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43434 Data

JSON