CVE-2026-43129

Source
https://cve.org/CVERecord?id=CVE-2026-43129
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43129.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43129
Downstream
Published
2026-05-06T11:27:18.180Z
Modified
2026-07-15T01:49:02.531616337Z
Summary
ima: verify the previous kernel's IMA buffer lies in addressable RAM
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: verify the previous kernel's IMA buffer lies in addressable RAM

Patch series "Address page fault in imarestoremeasurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command line such as "mem=<size>" we observe a pafe fault that happens.

BUG: unable to handle page fault for address: ffff97793ff47000
RIP: ima_restore_measurement_list+0xdc/0x45a
#PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer against memory bounds")

This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g. "mem=<size>"), the IMA measurement buffer handed over from the previous kernel may fall outside the addressable RAM of the new kernel. Accessing such a buffer can fault during early restore.

Introduce a small generic helper, imavalidaterange(), which verifies that a physical [start, end] range for the previous-kernel IMA buffer lies within addressable memory: - On x86, use pfnrangeismapped(). - On OF based architectures, use pageis_ram().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43129.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b69a2afd5afce9bf6d56e349d6ab592c916e20f2
Fixed
43308106a1762b72f3b20a44b75b2df5cb25b77b
Fixed
f11d7d088f5ed54b31c6735854c12845eb60eb4a
Fixed
9e1f51c1ad57cc76a0e8b5eb27038f8973fff4fa
Fixed
5366ec7d2f793ce703c403d7fd4c25a3db365b9d
Fixed
10d1c75ed4382a8e79874379caa2ead8952734f9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43129.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.77
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43129.json"