CVE-2026-43071CRITICAL 9.1EPSS p30.6%
CVE-2026-43071CVE-2026-43071
linux / linux_kernel
Description
In the Linux kernel, the following vulnerability has been resolved:
dcache: Limit the minimal number of bucket to two
There is an OOB read problem on dentry_hashtable when user sets
'dhash_entries=1':
BUG: unable to handle page fault for address: ffff888b30b774b0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
Oops: Oops: 0000 [#1] SMP PTI
RIP: 0010:__d_lookup+0x56/0x120
Call Trace:
d_lookup.cold+0x16/0x5d
lookup_dcache+0x27/0xf0
lookup_one_qstr_excl+0x2a/0x180
start_dirop+0x55/0xa0
simple_start_creating+0x8d/0xa0
debugfs_start_creating+0x8c/0x180
debugfs_create_dir+0x1d/0x1c0
pinctrl_init+0x6d/0x140
do_one_initcall+0x6d/0x3d0
kernel_init_freeable+0x39f/0x460
kernel_init+0x2a/0x260
There will be only one bucket in dentry_hashtable when dhash_entries is
set as one, and d_hash_shift is calculated as 32 by dcache_init(). Then,
following process will access more than one buckets(which memory r
Scoring
| CVSS 3.1 | 9.1 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| EPSS | 0.39% probability of exploitation · percentile 30.6% · 2026-06-19T12:03:05Z |
| Published | 2026-05-05 |
| Last modified | 2026-06-01 |
References
- https://git.kernel.org/stable/c/277cedabb0ab86baae83fa58218be13c6d3e5526
- https://git.kernel.org/stable/c/426ef05e82ee52c8d0e95fc0808b7383d8352d73
- https://git.kernel.org/stable/c/5718df131ab78897a9dd1f2e71c3ba732d4392af
- https://git.kernel.org/stable/c/755b40903eff563768d4d96fd4ef51ec48adde3b
- https://git.kernel.org/stable/c/ddd57ebce245f9c7e2f6902a6c087d6186d2385d
- https://git.kernel.org/stable/c/f08fe8891c3eeb63b73f9f1f6d97aa629c821579
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.