CVE-2026-43289 (GCVE-0-2026-43289)
Vulnerability from cvelistv5 – Published: 2026-05-08 13:11 – Updated: 2026-05-08 13:11
VLAI?
Title
kexec: derive purgatory entry from symbol
Summary
In the Linux kernel, the following vulnerability has been resolved:
kexec: derive purgatory entry from symbol
kexec_load_purgatory() derives image->start by locating e_entry inside an
SHF_EXECINSTR section. If the purgatory object contains multiple
executable sections with overlapping sh_addr, the entrypoint check can
match more than once and trigger a WARN.
Derive the entry section from the purgatory_start symbol when present and
compute image->start from its final placement. Keep the existing e_entry
fallback for purgatories that do not expose the symbol.
WARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784
Call Trace:
<TASK>
bzImage64_load+0x133/0xa00
__do_sys_kexec_file_load+0x2b3/0x5c0
do_syscall_64+0x81/0x610
entry_SYSCALL_64_after_hwframe+0x76/0x7e
[me@linux.beauty: move helper to avoid forward declaration, per Baoquan]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
f368aed4827bd4276c0e3664fb2cb815a8d7caf3 , < 027797595a108726f4a0a45d225f603b0ffbd22b
(git)
Affected: d38e051ec6fd8650b139d9bc4b0b8b261953b263 , < 1737d37ae1d2814e6cf0a1af87af3d41f0812b95 (git) Affected: 013027918a4efa807409fcb356009c117e4d181a , < f736032c638a33a243e9126e617788f763d648f9 (git) Affected: 8652d44f466ad5772e7d1756e9457046189b0dfc , < cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2 (git) Affected: 8652d44f466ad5772e7d1756e9457046189b0dfc , < 875355152b33436907c2a6d2ffad1431fa86c62b (git) Affected: 8652d44f466ad5772e7d1756e9457046189b0dfc , < 36eb314184a0ae74dd42914b47d2b9fc43be8034 (git) Affected: 8652d44f466ad5772e7d1756e9457046189b0dfc , < 5226570bd252cea2e805a161cb0f75c204c3108a (git) Affected: 8652d44f466ad5772e7d1756e9457046189b0dfc , < 480e1d5c64bb14441f79f2eb9421d5e26f91ea3d (git) Affected: 4947a0eb7d642b6048559857964966016ef3aa8b (git) Affected: b16bf76b382810257e3fb6278663a9d131b70197 (git) Affected: cb1638618545182a01444b2b20a4ed6b9d2a8c8f (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/kexec_file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "027797595a108726f4a0a45d225f603b0ffbd22b",
"status": "affected",
"version": "f368aed4827bd4276c0e3664fb2cb815a8d7caf3",
"versionType": "git"
},
{
"lessThan": "1737d37ae1d2814e6cf0a1af87af3d41f0812b95",
"status": "affected",
"version": "d38e051ec6fd8650b139d9bc4b0b8b261953b263",
"versionType": "git"
},
{
"lessThan": "f736032c638a33a243e9126e617788f763d648f9",
"status": "affected",
"version": "013027918a4efa807409fcb356009c117e4d181a",
"versionType": "git"
},
{
"lessThan": "cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2",
"status": "affected",
"version": "8652d44f466ad5772e7d1756e9457046189b0dfc",
"versionType": "git"
},
{
"lessThan": "875355152b33436907c2a6d2ffad1431fa86c62b",
"status": "affected",
"version": "8652d44f466ad5772e7d1756e9457046189b0dfc",
"versionType": "git"
},
{
"lessThan": "36eb314184a0ae74dd42914b47d2b9fc43be8034",
"status": "affected",
"version": "8652d44f466ad5772e7d1756e9457046189b0dfc",
"versionType": "git"
},
{
"lessThan": "5226570bd252cea2e805a161cb0f75c204c3108a",
"status": "affected",
"version": "8652d44f466ad5772e7d1756e9457046189b0dfc",
"versionType": "git"
},
{
"lessThan": "480e1d5c64bb14441f79f2eb9421d5e26f91ea3d",
"status": "affected",
"version": "8652d44f466ad5772e7d1756e9457046189b0dfc",
"versionType": "git"
},
{
"status": "affected",
"version": "4947a0eb7d642b6048559857964966016ef3aa8b",
"versionType": "git"
},
{
"status": "affected",
"version": "b16bf76b382810257e3fb6278663a9d131b70197",
"versionType": "git"
},
{
"status": "affected",
"version": "cb1638618545182a01444b2b20a4ed6b9d2a8c8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/kexec_file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.252",
"versionStartIncluding": "5.10.185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.202",
"versionStartIncluding": "5.15.118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.165",
"versionStartIncluding": "6.1.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.128",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.16",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.6",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkexec: derive purgatory entry from symbol\n\nkexec_load_purgatory() derives image-\u003estart by locating e_entry inside an\nSHF_EXECINSTR section. If the purgatory object contains multiple\nexecutable sections with overlapping sh_addr, the entrypoint check can\nmatch more than once and trigger a WARN.\n\nDerive the entry section from the purgatory_start symbol when present and\ncompute image-\u003estart from its final placement. Keep the existing e_entry\nfallback for purgatories that do not expose the symbol.\n\nWARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784\nCall Trace:\n \u003cTASK\u003e\n bzImage64_load+0x133/0xa00\n __do_sys_kexec_file_load+0x2b3/0x5c0\n do_syscall_64+0x81/0x610\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[me@linux.beauty: move helper to avoid forward declaration, per Baoquan]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:11:13.860Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/027797595a108726f4a0a45d225f603b0ffbd22b"
},
{
"url": "https://git.kernel.org/stable/c/1737d37ae1d2814e6cf0a1af87af3d41f0812b95"
},
{
"url": "https://git.kernel.org/stable/c/f736032c638a33a243e9126e617788f763d648f9"
},
{
"url": "https://git.kernel.org/stable/c/cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2"
},
{
"url": "https://git.kernel.org/stable/c/875355152b33436907c2a6d2ffad1431fa86c62b"
},
{
"url": "https://git.kernel.org/stable/c/36eb314184a0ae74dd42914b47d2b9fc43be8034"
},
{
"url": "https://git.kernel.org/stable/c/5226570bd252cea2e805a161cb0f75c204c3108a"
},
{
"url": "https://git.kernel.org/stable/c/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d"
}
],
"title": "kexec: derive purgatory entry from symbol",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43289",
"datePublished": "2026-05-08T13:11:13.860Z",
"dateReserved": "2026-05-01T14:12:55.999Z",
"dateUpdated": "2026-05-08T13:11:13.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43289\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-08T14:16:35.867\",\"lastModified\":\"2026-05-08T14:16:35.867\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nkexec: derive purgatory entry from symbol\\n\\nkexec_load_purgatory() derives image-\u003estart by locating e_entry inside an\\nSHF_EXECINSTR section. If the purgatory object contains multiple\\nexecutable sections with overlapping sh_addr, the entrypoint check can\\nmatch more than once and trigger a WARN.\\n\\nDerive the entry section from the purgatory_start symbol when present and\\ncompute image-\u003estart from its final placement. Keep the existing e_entry\\nfallback for purgatories that do not expose the symbol.\\n\\nWARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784\\nCall Trace:\\n \u003cTASK\u003e\\n bzImage64_load+0x133/0xa00\\n __do_sys_kexec_file_load+0x2b3/0x5c0\\n do_syscall_64+0x81/0x610\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\n[me@linux.beauty: move helper to avoid forward declaration, per Baoquan]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/027797595a108726f4a0a45d225f603b0ffbd22b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1737d37ae1d2814e6cf0a1af87af3d41f0812b95\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/36eb314184a0ae74dd42914b47d2b9fc43be8034\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5226570bd252cea2e805a161cb0f75c204c3108a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/875355152b33436907c2a6d2ffad1431fa86c62b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f736032c638a33a243e9126e617788f763d648f9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…