VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-43108

CVE-2026-43108

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei

It looks element length declared in servreg_loc_pfr_req_ei for reason not matching servreg_loc_pfr_req's reason field due which we could observe decoding error on PD crash.

qmi_decode_string_elem: String len 81 >= Max Len 65

Fix this by matching with servreg_loc_pfr_req's reason field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A mismatch in the declared element length for the reason field in servreg_loc_pfr_req_ei causes QMI decoding errors on PD crash in Qualcomm pd-mapper.

Vulnerability

The Linux kernel contains a bug in the Qualcomm pd-mapper (soc: qcom: pd-mapper) component. The element length declared in the servreg_loc_pfr_req_ei structure for the reason field does not match the actual reason field in servreg_loc_pfr_req. This mismatch leads to a QMI decoding error when a protection domain (PD) crash occurs, as evidenced by the kernel log message "qmi_decode_string_elem: String len 81 >= Max Len 65" [1].

Exploitation

This vulnerability is triggered when the pd-mapper processes a servreg_loc_pfr_req message, typically during a PD crash event. An attacker able to induce a PD crash on a Qualcomm SoC device could exploit this to cause the kernel to log a decoding error. The attack surface is limited to local users or processes that can influence PD behavior, as the pd-mapper operates in kernel space and handles QMI communication between subsystems.

Impact

While the bug itself results in a decoding error message, it indicates a broader issue of incorrect element sizing in the QMI message definition. In worst-case scenarios, such mismatches could lead to memory corruption or denial of service if the QMI decoder misinterprets data. The current manifestation is a decoding error, but the root cause is a structural defect that could have more severe consequences under specific conditions.

Mitigation

The fix has been applied in the stable kernel trees, as referenced in the Git commits [1] [2] [3] [4]. Users are advised to update to the latest stable kernel versions that include this patch. No workarounds are documented; the proper mitigation is to apply the kernel update.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Linux/Kernel8 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.11,<6.12.83
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.