{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43210","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.993Z","datePublished":"2026-05-06T11:28:13.609Z","dateUpdated":"2026-05-11T22:20:07.951Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:20:07.951Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it to access the next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the length of the event could be broken.\nIn that case, the new event (e + len) can point to a wrong address.\nTo avoid invalid memory access at boot, check whether the length of\neach event is in the possible range before using 
it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ring_buffer.c"],"versions":[{"version":"5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55","lessThan":"b4700c089a10f89de3a5149d57f8a58306458982","status":"affected","versionType":"git"},{"version":"5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55","lessThan":"5026010110a5ad2268d8c23e1e286ab7c736f7ac","status":"affected","versionType":"git"},{"version":"5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55","lessThan":"9eb80e54494ef1efef8a64bec4ffa672c9cf411e","status":"affected","versionType":"git"},{"version":"5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55","lessThan":"912b0ee248c529a4f45d1e7f568dc1adddbf2a4a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ring_buffer.c"],"versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"
6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b4700c089a10f89de3a5149d57f8a58306458982"},{"url":"https://git.kernel.org/stable/c/5026010110a5ad2268d8c23e1e286ab7c736f7ac"},{"url":"https://git.kernel.org/stable/c/9eb80e54494ef1efef8a64bec4ffa672c9cf411e"},{"url":"https://git.kernel.org/stable/c/912b0ee248c529a4f45d1e7f568dc1adddbf2a4a"}],"title":"tracing: ring-buffer: Fix to check event length before using","x_generator":{"engine":"bippy-1.2.0"}}}}