VYPR
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-43240

CVE-2026-43240

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: add a sanity check on previous kernel's ima kexec buffer

When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement list may fall outside the truncated RAM leading to a kernel panic.

BUG: unable to handle page fault for address: ffff97793ff47000 RIP: ima_restore_measurement_list+0xdc/0x45a #PF: error_code(0x0000) – not-present page

Other architectures already validate the range with page_is_ram(), as done in commit cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer against memory bounds") do a similar check on x86.

Without carrying the measurement list across kexec, the attestation would fail.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.0,<6.1.165

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.