{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43210", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.993Z", "datePublished": "2026-05-06T11:28:13.609Z", "dateUpdated": "2026-05-06T11:28:13.609Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:28:13.609Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it for accessing next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the length of the event could be broken.\nIn that case, the new event (e + len) can point a wrong address.\nTo avoid invalid memory access at boot, check whether the length of\neach event is in the possible range before using it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ring_buffer.c"], "versions": [{"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "b4700c089a10f89de3a5149d57f8a58306458982", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "5026010110a5ad2268d8c23e1e286ab7c736f7ac", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "9eb80e54494ef1efef8a64bec4ffa672c9cf411e", "status": "affected", "versionType": "git"}, {"version": "5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55", "lessThan": "912b0ee248c529a4f45d1e7f568dc1adddbf2a4a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ring_buffer.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b4700c089a10f89de3a5149d57f8a58306458982"}, {"url": "https://git.kernel.org/stable/c/5026010110a5ad2268d8c23e1e286ab7c736f7ac"}, {"url": "https://git.kernel.org/stable/c/9eb80e54494ef1efef8a64bec4ffa672c9cf411e"}, {"url": "https://git.kernel.org/stable/c/912b0ee248c529a4f45d1e7f568dc1adddbf2a4a"}], "title": "tracing: ring-buffer: Fix to check event length before using", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it for accessing next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the length of the event could be broken.\nIn that case, the new event (e + len) can point a wrong address.\nTo avoid invalid memory access at boot, check whether the length of\neach event is in the possible range before using it."}], "id": "CVE-2026-43210", "lastModified": "2026-05-06T13:07:51.607", "metrics": {}, "published": "2026-05-06T12:16:40.417", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5026010110a5ad2268d8c23e1e286ab7c736f7ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/912b0ee248c529a4f45d1e7f568dc1adddbf2a4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9eb80e54494ef1efef8a64bec4ffa672c9cf411e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4700c089a10f89de3a5149d57f8a58306458982"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}