Linux Kernel Vulnerability in io_uring Handling Affects Multiple Products
CVE-2026-43442

7.1 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 8 May 2026

What is CVE-2026-43442?

A vulnerability in the Linux kernel's io_uring implementation allows an unprivileged local user to bypass the validation of the physical SQE index when a ring is set up with IORING_SETUP_SQE_MIXED but without IORING_SETUP_NO_SQARRAY. The alignment check was applied to the logical submission-queue head (cached_sq_head), but on rings that use an sq_array the physical SQE slot is taken from that user-writable array, so the physical index need not follow the logical head. A 128-byte SQE that passes the logical check can therefore be read from a physical slot where it extends past the end of the allocated SQE buffer. The fix replaces the cached_sq_head alignment check with a direct check on the physical SQE index, which covers both the sq_array and the NO_SQARRAY cases.
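The logical-versus-physical mismatch described above, as an added example that is not kernel code and not part of the advisory: a constructed C model of a submission queue with an sq_array indirection table, with the alignment check written once against the logical head (the flawed form) and once against the physical slot (the fixed form). The ring size, the 64/128-byte slot sizes, the "128-byte SQE must start at an even slot" rule and all function names are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of an io_uring submission queue, added to illustrate
 * the advisory. Not kernel code: ring size, slot sizes and the "even slot"
 * alignment rule for 128-byte SQEs are assumptions of this model.
 */
#define SQ_ENTRIES   8                 /* ring slots (power of two) */
#define SQ_MASK      (SQ_ENTRIES - 1)
#define SQE_SIZE     64                /* one ring slot */
#define SQE128_SIZE  128               /* a 128-byte SQE spans two slots */

struct sq_model {
    uint32_t cached_sq_head;           /* logical head (kernel-private) */
    bool     no_sqarray;               /* IORING_SETUP_NO_SQARRAY in use */
    uint32_t sq_array[SQ_ENTRIES];     /* user-writable indirection table */
};

/* Physical slot for the current logical head. Without NO_SQARRAY the slot
 * is whatever userspace wrote into sq_array, so it need not follow the
 * logical head at all. */
static uint32_t physical_index(const struct sq_model *sq)
{
    uint32_t logical = sq->cached_sq_head & SQ_MASK;
    if (sq->no_sqarray)
        return logical;
    return sq->sq_array[logical] & SQ_MASK;
}

/* Flawed check (the pre-fix behaviour the advisory describes):
 * alignment of the logical head, not of the slot actually read. */
static bool sqe128_ok_flawed(const struct sq_model *sq)
{
    return (sq->cached_sq_head & 1) == 0;
}

/* Fixed check: alignment of the physical slot that will be read. */
static bool sqe128_ok_fixed(const struct sq_model *sq)
{
    return (physical_index(sq) & 1) == 0;
}

/* Would a 128-byte read starting at the physical slot stay inside the ring? */
static bool sqe128_read_in_bounds(const struct sq_model *sq)
{
    size_t start = (size_t)physical_index(sq) * SQE_SIZE;
    return start + SQE128_SIZE <= (size_t)SQ_ENTRIES * SQE_SIZE;
}

/* Scenario from the advisory: sq_array ring, even logical head, but
 * userspace points that head at the last (odd) slot. Returns 1 if the
 * flawed check admits a read that the fixed check rejects and that would
 * run past the end of the ring. */
int demo_sqarray_overrun(void)
{
    struct sq_model sq = { .cached_sq_head = 0, .no_sqarray = false };
    for (uint32_t i = 0; i < SQ_ENTRIES; i++)
        sq.sq_array[i] = i;            /* benign identity mapping ... */
    sq.sq_array[0] = SQ_ENTRIES - 1;   /* ... except head 0 -> slot 7 */

    bool flawed = sqe128_ok_flawed(&sq);        /* true: head 0 is even */
    bool fixed  = sqe128_ok_fixed(&sq);         /* false: slot 7 is odd */
    bool inb    = sqe128_read_in_bounds(&sq);   /* false: 448 + 128 > 512 */
    return (flawed && !fixed && !inb) ? 1 : 0;
}

/* With NO_SQARRAY the logical and physical indices coincide, so the two
 * checks agree; returns 1 when they do for every head position. */
int demo_no_sqarray_agree(void)
{
    struct sq_model sq = { .no_sqarray = true };
    for (uint32_t head = 0; head < 2 * SQ_ENTRIES; head++) {
        sq.cached_sq_head = head;
        if (sqe128_ok_flawed(&sq) != sqe128_ok_fixed(&sq))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("sq_array overrun admitted by flawed check: %d\n", demo_sqarray_overrun());
    printf("NO_SQARRAY: flawed and fixed checks agree: %d\n", demo_no_sqarray_agree());
    return 0;
}
```

The point the model makes is that any check evaluated before the sq_array lookup is a check on a value the attacker does not control, while the read that follows uses a value the attacker does control; validating the physical index after the lookup is what closes the gap, and it is harmless on NO_SQARRAY rings because there the two indices are the same.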

Affected Version(s)

The ranges below are git commit ranges in the kernel-CNA style: affected from the first commit, fixed in the second.

Linux 1cba30bf9fdd6c982708f3587f609a30c370d889 < 1f794f9bed3e5cf7250a3b4daf112a72ed1513e9

Linux 1cba30bf9fdd6c982708f3587f609a30c370d889 < 6f02c6b196036dbb6defb4647d8707d29b7fe95b

Linux 6.19

References

CVSS V3.1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Score: 7.1
Severity: HIGH
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Timeline

  • Vulnerability reserved

  • Vulnerability published (8 May 2026)