CVE-2026-43351
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/05/2026
Last modified:
15/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
KVM: arm64: Eagerly init vgic dist/redist on vgic creation<br />
<br />
If vgic_allocate_private_irqs_locked() fails for any odd reason,<br />
we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.<br />
<br />
kvm_vgic_dist_destroy() then comes along and walks into the weeds<br />
trying to free the RDs. Got to love this stuff.<br />
<br />
Solve it by moving all the static initialisation early, and make<br />
sure that if we fail halfway, we&#39;re in a reasonable shape to<br />
perform the rest of the teardown. While at it, reset the vgic model<br />
on failure, just in case...
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14.1 (including) | 6.18.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page