CVE-2026-43109

Source
https://cve.org/CVERecord?id=CVE-2026-43109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43109
Downstream
Related
Published
2026-05-06T07:40:36.532Z
Modified
2026-07-15T01:49:17.028181138Z
Summary
x86: shadow stacks: proper error handling for mmap lock
Details

In the Linux kernel, the following vulnerability has been resolved:

x86: shadow stacks: proper error handling for mmap lock

김영민 reports that shstkpopsigframe() doesn't check for errors from mmapreadlockkillable(), which is a silly oversight, and also shows that we haven't marked those functions with "mustcheck", which would have immediately caught it.

So let's fix both issues.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43109.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7fad2a432cd35bbf104d2d9d426e74902f22aa95
Fixed
c79cf42321600e931933e11f94aba8b245d4cd66
Fixed
1a30468eff661937d978495644d2e5ebfeef5ce6
Fixed
c64cebcc5c4f223dbcbe7dcdf74908fc092a0aa4
Fixed
262b6d38a81d51b135db81e1f30c13d30e38feee
Fixed
52f657e34d7b21b47434d9d8b26fa7f6778b63a0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43109.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.24
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43109.json"