Out-of-Bounds Read Vulnerability in Linux Kernel Affecting Modem Communication
CVE-2026-43495
What is CVE-2026-43495?
A vulnerability in the Linux kernel's handling of modem messages can lead to an out-of-bounds read, potentially exposing sensitive information or causing system instability. The issue is in the t7xx_port_enum_msg_handler function, which uses the modem-supplied port_count value as a loop limit without adequate validation. A malicious modem can send a large port_count value in a message buffer smaller than that count requires, so the loop reads past the end of the buffer. The fix adds checks that validate the message size before processing, which prevents the out-of-bounds read.
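The size check described above, as an added example that is not the kernel's code or the actual patch: a user-space C model of a parser that bounds a device-supplied port_count by the bytes actually received. The struct layout, every name other than port_count, and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout (not the t7xx driver's real structures):
 * a fixed header carrying port_count, then port_count 32-bit entries. */
struct enum_hdr {
    uint32_t head_pattern;
    uint32_t port_count;   /* device-supplied, untrusted */
    uint32_t tail_pattern;
};
#define ENTRY_SIZE sizeof(uint32_t)

/* Returns the number of entries copied into out[], or -1 if the message is
 * shorter than its own port_count claims or out[] is too small. */
static int enum_msg_parse(const uint8_t *buf, size_t len,
                          uint32_t *out, size_t out_cap)
{
    struct enum_hdr hdr;

    /* 1. The fixed header must be fully present before any field is read. */
    if (len < sizeof(hdr))
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));

    /* 2. Bound port_count by the bytes received. Dividing the remaining
     *    length avoids overflow in port_count * ENTRY_SIZE. */
    size_t avail = (len - sizeof(hdr)) / ENTRY_SIZE;
    if (hdr.port_count > avail || hdr.port_count > out_cap)
        return -1;

    /* 3. Only now is port_count safe to use as the loop limit. */
    for (uint32_t i = 0; i < hdr.port_count; i++)
        memcpy(&out[i], buf + sizeof(hdr) + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    return (int)hdr.port_count;
}

/* Constructed sample: a message claiming `claimed` ports but carrying only
 * `present` entries (at most 8), passed through the parser. */
static int parse_sample(uint32_t claimed, uint32_t present)
{
    uint8_t buf[sizeof(struct enum_hdr) + 8 * ENTRY_SIZE] = {0};
    uint32_t out[8];
    struct enum_hdr hdr = { 0x5a5a5a5a, claimed, 0xa5a5a5a5 };
    if (present > 8)
        return -1;
    memcpy(buf, &hdr, sizeof(hdr));
    return enum_msg_parse(buf, sizeof(hdr) + present * ENTRY_SIZE, out, 8);
}

int main(void) { return !(parse_sample(4, 4) == 4 && parse_sample(65535, 2) == -1); }
```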
Affected Version(s)
Linux da45d2566a1d4e260b894ff5d96be64b21c7fa79
Linux da45d2566a1d4e260b894ff5d96be64b21c7fa79 < 9855e063e063158cc5bded576382599dc3133202
Linux da45d2566a1d4e260b894ff5d96be64b21c7fa79 < 2b56d7903ab804481f5233a259d5f341e9fd513c