CVE-2026-43289 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexec_load_purgatory() derives image->start by locating e_entry inside an SHF_EXECINSTR section. If the purgatory object contains multiple executable sections with overlapping sh_addr, the entrypoint check can match more than once and trigger a WARN. Derive the entry section from the purgatory_start symbol when present and compute image->start from its final placement. Keep the existing e_entry fallback for purgatories that do not expose the symbol. WARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784 Call Trace: <TASK> bzImage64_load+0x133/0xa00 __do_sys_kexec_file_load+0x2b3/0x5c0 do_syscall_64+0x81/0x610 entry_SYSCALL_64_after_hwframe+0x76/0x7e [me@linux.beauty: move helper to avoid forward declaration, per Baoquan]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/027797595a108726f4a0a45d225f603b0ffbd22b
https://git.kernel.org/stable/c/1737d37ae1d2814e6cf0a1af87af3d41f0812b95
https://git.kernel.org/stable/c/36eb314184a0ae74dd42914b47d2b9fc43be8034
https://git.kernel.org/stable/c/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d
https://git.kernel.org/stable/c/5226570bd252cea2e805a161cb0f75c204c3108a
https://git.kernel.org/stable/c/875355152b33436907c2a6d2ffad1431fa86c62b
https://git.kernel.org/stable/c/cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2
https://git.kernel.org/stable/c/f736032c638a33a243e9126e617788f763d648f9
https://lore.kernel.org/linux-cve-announce/2026050852-CVE-2026-43289-ad06@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43289
https://www.cve.org/CVERecord?id=CVE-2026-43289

History

Sat, 09 May 2026 05:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-398

Sat, 09 May 2026 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20 CWE-346

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050852-CVE-2026-43289-ad06@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43289 https://www.cve.org/CVERecord?id=CVE-2026-43289
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 08 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20 CWE-346

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexec_load_purgatory() derives image->start by locating e_entry inside an SHF_EXECINSTR section. If the purgatory object contains multiple executable sections with overlapping sh_addr, the entrypoint check can match more than once and trigger a WARN. Derive the entry section from the purgatory_start symbol when present and compute image->start from its final placement. Keep the existing e_entry fallback for purgatories that do not expose the symbol. WARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784 Call Trace: <TASK> bzImage64_load+0x133/0xa00 __do_sys_kexec_file_load+0x2b3/0x5c0 do_syscall_64+0x81/0x610 entry_SYSCALL_64_after_hwframe+0x76/0x7e [me@linux.beauty: move helper to avoid forward declaration, per Baoquan]
Title		kexec: derive purgatory entry from symbol
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/027797595a108726f4a0a45d225f603b0ffbd22b https://git.kernel.org/stable/c/1737d37ae1d2814e6cf0a1af87af3d41f0812b95 https://git.kernel.org/stable/c/36eb314184a0ae74dd42914b47d2b9fc43be8034 https://git.kernel.org/stable/c/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d https://git.kernel.org/stable/c/5226570bd252cea2e805a161cb0f75c204c3108a https://git.kernel.org/stable/c/875355152b33436907c2a6d2ffad1431fa86c62b https://git.kernel.org/stable/c/cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2 https://git.kernel.org/stable/c/f736032c638a33a243e9126e617788f763d648f9

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:13.860Z

Updated: 2026-05-08T13:11:13.860Z

Reserved: 2026-05-01T14:12:55.999Z

Link: CVE-2026-43289

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:35.867

Modified: 2026-05-08T14:16:35.867

Link: CVE-2026-43289

Redhat

Severity : Low

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43289 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object