CVE-2026-43486
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
13/05/2026
Última modificación:
26/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults<br />
<br />
contpte_ptep_set_access_flags() compared the gathered ptep_get() value<br />
against the requested entry to detect no-ops. ptep_get() ORs AF/dirty<br />
from all sub-PTEs in the CONT block, so a dirty sibling can make the<br />
target appear already-dirty. When the gathered value matches entry, the<br />
function returns 0 even though the target sub-PTE still has PTE_RDONLY<br />
set in hardware.<br />
<br />
For a CPU with FEAT_HAFDBS this gathered view is fine, since hardware may<br />
set AF/dirty on any sub-PTE and CPU TLB behavior is effectively gathered<br />
across the CONT range. But page-table walkers that evaluate each<br />
descriptor individually (e.g. a CPU without DBM support, or an SMMU<br />
without HTTU, or with HA/HD disabled in CD.TCR) can keep faulting on the<br />
unchanged target sub-PTE, causing an infinite fault loop.<br />
<br />
Gathering can therefore cause false no-ops when only a sibling has been<br />
updated:<br />
- write faults: target still has PTE_RDONLY (needs PTE_RDONLY cleared)<br />
- read faults: target still lacks PTE_AF<br />
<br />
Fix by checking each sub-PTE against the requested AF/dirty/write state<br />
(the same bits consumed by __ptep_set_access_flags()), using raw<br />
per-PTE values rather than the gathered ptep_get() view, before<br />
returning no-op. Keep using the raw target PTE for the write-bit unfold<br />
decision.<br />
<br />
Per Arm ARM (DDI 0487) D8.7.1 ("The Contiguous bit"), any sub-PTE in a CONT<br />
range may become the effective cached translation and software must<br />
maintain consistent attributes across the range.
Impacto
Puntuación base 3.x
5.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9 (incluyendo) | 6.12.78 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (incluyendo) | 6.18.19 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 6.19.9 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



