Description
In the Linux kernel, the following vulnerability has been resolved:

x86: shadow stacks: proper error handling for mmap lock

김영민 reports that shstk_pop_sigframe() doesn't check for errors from
mmap_read_lock_killable(), which is a silly oversight, and also shows
that we haven't marked those functions with "__must_check", which would
have immediately caught it.

So let's fix both issues.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs when the Linux kernel’s shadow stack routine shstk_pop_sigframe() fails to verify the return value of mmap_read_lock_killable(). Because the routine continues execution with an invalid or missing lock, kernel data structures may be incorrectly accessed or modified, leading to a crash or corrupt state. The vulnerability is an example of improper resource locking, a weakness that can impair system stability and availability.

Affected Systems

All versions of the Linux kernel that contain the unpatched shstk_pop_sigframe implementation are vulnerable. The product impacted is the Linux kernel; the vendor is Linux. No specific version range is listed, so any build prior to the inclusion of the fix is potentially affected.

Risk and Exploitability

The EPSS score of < 1% and absence from CISA KEV indicate that no large‑scale exploitation activity is known. The CVSS score of 5.5 denotes moderate severity; exploitation would likely require local privileged or kernel execution authority. Remote exploitation without such privileges is improbable. Overall, the risk is moderate, increasing to high if the flaw is successfully leveraged to trigger a kernel panic.

Generated by OpenCVE AI on May 11, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest stable Linux kernel release that includes the shstk_pop_sigframe error‑handling patch.
  • If an immediate upgrade is not possible, backport or apply the upstream patch that adds proper error checking and the "__must_check" attribute to the affected functions.
  • After implementing the patch or upgrade, monitor kernel logs for shadow‑stack related assertions or crash reports to confirm the fix’s effectiveness.

Generated by OpenCVE AI on May 11, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6274-1 linux security update
History

Sun, 17 May 2026 15:45:00 +0000

Type Values Removed Values Added
References

Thu, 14 May 2026 15:15:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-414
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstk_pop_sigframe() doesn't check for errors from mmap_read_lock_killable(), which is a silly oversight, and also shows that we haven't marked those functions with "__must_check", which would have immediately caught it. So let's fix both issues.
Title x86: shadow stacks: proper error handling for mmap lock
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-17T15:21:37.731Z

Reserved: 2026-05-01T14:12:55.986Z

Link: CVE-2026-43109

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-05-06T10:16:24.577

Modified: 2026-05-17T16:16:16.517

Link: CVE-2026-43109

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43109 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T20:30:16Z

Weaknesses