CVE-2026-43285

Source
https://cve.org/CVERecord?id=CVE-2026-43285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43285
Downstream
Published
2026-05-08T13:11:11.191Z
Modified
2026-07-08T08:13:27.365187523Z
Summary
mm/slab: do not access current->mems_allowed_seq if !allow_spin
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/slab: do not access current->memsallowedseq if !allow_spin

Lockdep complains when getfromanypartial() is called in an NMI context, because current->memsallowedseq is seqcountspinlock_t and not NMI-safe:

================================ WARNING: inconsistent lock state 6.19.0-rc5-kfree-rcu+ #315 Tainted: G N


inconsistent {INITIAL USE} -> {IN-NMI} usage. kunittrycatch/9989 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff889085799820 (&____s->seqcount#3){.-.-}-{0:0}, at: ___slaballoc+0x58f/0xc00 {INITIAL USE} state was registered at: lockacquire+0x185/0x320 kernelinitfreeable+0x391/0x1150 kernelinit+0x1f/0x220 retfromfork+0x736/0x8f0 retfromforkasm+0x1a/0x30 irq event stamp: 56 hardirqs last enabled at (55): [<ffffffff850a68d7>] rawspinunlockirq+0x27/0x70 hardirqs last disabled at (56): [<ffffffff850858ca>] _schedule+0x2a8a/0x6630 softirqs last enabled at (0): [<ffffffff81536711>] copyprocess+0x1dc1/0x6a10 softirqs last disabled at (0): [<0000000000000000>] 0x0

other info that might help us debug this: Possible unsafe locking scenario:

     CPU0
     ----
lock(&____s->seqcount#3);
<Interrupt>
  lock(&____s->seqcount#3);

*** DEADLOCK ***

According to Documentation/locking/seqlock.rst, seqcountt is not NMI-safe and seqcountlatcht should be used when read path can interrupt the write-side critical section. In this case, do not access current->memsallowed_seq and avoid retry.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43285.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af92793e52c3a99b828ed4bdd277fd3e11c18d08
Fixed
353dd9934447b9193643ae1afd938607a74d4915
Fixed
efd767ddcef0669bbd33c6a823ea0a88f06d4b29
Fixed
144080a5823b2dbd635acb6decf7ab23182664f3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43285.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43285.json"