In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: add a sanity check on previous kernel's ima kexec buffer

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>", the physical range that contains the carried
over IMA measurement list may fall outside the truncated RAM leading to a
kernel panic.

BUG: unable to handle page fault for address: ffff97793ff47000
RIP: ima_restore_measurement_list+0xdc/0x45a
#PF: error_code(0x0000) – not-present page

Other architectures already validate the range with page_is_ram(), as done
in commit cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds") do a similar check on x86.

Without carrying the measurement list across kexec, the attestation
would fail.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < 37f18915a261afe84dab462624ed829cddb77a9b
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < 22e460b6333a5f818b042ac89201f8e735556f4a
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < f8f73bf0f8a57ee9b86792456bd42079bc98c6b7
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < d4a132f121c591b60dbaf57ea91f1faf11631fbc
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < 4d7a8f5f28187e3d2958b2a134473da2665207e7
b69a2afd5afce9bf6d56e349d6ab592c916e20f2 affected < c5489d04337b47e93c0623e8145fcba3f5739efd
Linux Linux affected
Version Status Constraints
6.0 affected
0 unaffected < 6.0
6.1.165 unaffected ≤ 6.1.*
6.6.128 unaffected ≤ 6.6.*
6.12.75 unaffected ≤ 6.12.*
6.18.16 unaffected ≤ 6.18.*
6.19.6 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/22e460b6333a5f818b042ac89201f8e735556f4a cve-icon cve-icon
https://git.kernel.org/stable/c/37f18915a261afe84dab462624ed829cddb77a9b cve-icon cve-icon
https://git.kernel.org/stable/c/4d7a8f5f28187e3d2958b2a134473da2665207e7 cve-icon cve-icon
https://git.kernel.org/stable/c/c5489d04337b47e93c0623e8145fcba3f5739efd cve-icon cve-icon
https://git.kernel.org/stable/c/d4a132f121c591b60dbaf57ea91f1faf11631fbc cve-icon cve-icon
https://git.kernel.org/stable/c/f8f73bf0f8a57ee9b86792456bd42079bc98c6b7 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050659-CVE-2026-43240-114a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-43240 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-43240 cve-icon
History

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=<size>", the physical range that contains the carried over IMA measurement list may fall outside the truncated RAM leading to a kernel panic. BUG: unable to handle page fault for address: ffff97793ff47000 RIP: ima_restore_measurement_list+0xdc/0x45a #PF: error_code(0x0000) – not-present page Other architectures already validate the range with page_is_ram(), as done in commit cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer against memory bounds") do a similar check on x86. Without carrying the measurement list across kexec, the attestation would fail.
Title x86/kexec: add a sanity check on previous kernel's ima kexec buffer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:34.269Z

Reserved: 2026-05-01T14:12:55.995Z

Link: CVE-2026-43240

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:44.330

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43240

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43240 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T04:00:14Z

Weaknesses