Linux Kernel Vulnerability Affecting ARM64 SMMU/ATS Functionality
CVE-2026-43486

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-43486?

A vulnerability in the Linux kernel for ARM64 architecture could cause incorrect handling of access flags during memory operations. The issue arises when ptep_get() misinterprets the state of page table entries (PTEs), leading to incorrect no-op checks that may trigger infinite fault loops in specific scenarios. This flaw particularly affects systems without dynamic buffer management (DBM) support or SMMUs configured in particular ways, as the gathered access flag view may not accurately reflect the effective state of each sub-PTE. Proper fixing involves direct checks on each PTE rather than relying solely on gathered values, which ensures consistent memory access and avoids potential operational disruptions.

Affected Version(s)

Linux 4602e5757bcceb231c3a13c36c373ad4a750eddb < 05d239f2c95e66e27e7fb4e99ee07eb56e3e34b0

Linux 4602e5757bcceb231c3a13c36c373ad4a750eddb < 6f92a7a8b48a523f910ef25dd83808710724f59b

Linux 4602e5757bcceb231c3a13c36c373ad4a750eddb < 09d620555e59768776090073a2c59d2bc8506eb3

References

https://git.kernel.org/stable/c/05d239f2c95e66e27e7fb4e99...

https://git.kernel.org/stable/c/6f92a7a8b48a523f910ef25dd...

https://git.kernel.org/stable/c/09d620555e59768776090073a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43486 Data

JSON