CVE-2026-43148 - Vulnerability Details

- powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()

As kcalloc() may fail, check its return value to avoid a NULL pointer
dereference when passing it to of_property_read_u32_array().

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from a missing check for a failed kcalloc() call in the parse_thread_groups function on PowerPC SMP systems. When kcalloc() returns NULL, the subsequent of_property_read_u32_array() call dereferences the pointer, causing a kernel panic. This results in a complete loss of system availability for the affected node.

Affected Systems

The flaw exists in the Linux kernel code that targets PowerPC architectures with SMP support enabled. Versions of the kernel that have not incorporated the commit adding the null‑pointer check remain vulnerable; specific kernel releases are not enumerated in the advisory, indicating the issue applies to any unpatched PowerPC SMP kernel.

Risk and Exploitability

The attack requires privileged local access, typically during system boot or when a device tree is parsed. The likely attack vector is a local attacker triggering device tree parsing while having sufficient privileges. No CVSS score or EPSS value is provided, and the issue is not listed in the CISA KEV catalog, suggesting that the exploitation probability is not quantified. Successful exploitation would lead to an immediate kernel crash and denial of service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< 1de31dba19c3cd0c1caf388a286b46df638f0b91
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< b265e53d9adfbb5751713185843f7188aa9dd066
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< 9d0ca11258e7b452653d04310addfec1753de1a2
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< ca46d2092f307385a7acfb42632056570d6dbbbc
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< 9b85c8f624b0f8cf9b932f5a65dacd56a1f47a72
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< 8b221db0b7d24675e465e98d9326d298025a4e8d
`790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2`	affected	< 33c1c6d8a28a2761ac74b0380b2563cf546c2a3a

Linux

affected

Version	Status	Constraints
`5.11`	affected	—
`0`	unaffected	< 5.11
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,1de31dba19c3cd0c1caf388a286b46df638f0b91)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,b265e53d9adfbb5751713185843f7188aa9dd066)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,9d0ca11258e7b452653d04310addfec1753de1a2)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,ca46d2092f307385a7acfb42632056570d6dbbbc)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,9b85c8f624b0f8cf9b932f5a65dacd56a1f47a72)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,8b221db0b7d24675e465e98d9326d298025a4e8d)`	affected	code_commit	—
`[790a1662d3a26fe9fa5f691386d8fde6bb8b0dc2,33c1c6d8a28a2761ac74b0380b2563cf546c2a3a)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.11`	affected	semver	—
`[0,5.11)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a revision that includes the null‑pointer check for kcalloc() in parse_thread_groups
Reboot the system so the patched kernel takes effect
If compiling the kernel yourself, rebuild the SMP configuration after applying the commit that adds the check

Generated by OpenCVE AI on May 6, 2026 at 16:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1de31dba19c3cd0c1caf388a286b46df638f0b91
https://git.kernel.org/stable/c/33c1c6d8a28a2761ac74b0380b2563cf546c2a3a
https://git.kernel.org/stable/c/8b221db0b7d24675e465e98d9326d298025a4e8d
https://git.kernel.org/stable/c/9b85c8f624b0f8cf9b932f5a65dacd56a1f47a72
https://git.kernel.org/stable/c/9d0ca11258e7b452653d04310addfec1753de1a2
https://git.kernel.org/stable/c/b265e53d9adfbb5751713185843f7188aa9dd066
https://git.kernel.org/stable/c/ca46d2092f307385a7acfb42632056570d6dbbbc

History

Wed, 06 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Title		powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1de31dba19c3cd0c1caf388a286b46df638f0b91 https://git.kernel.org/stable/c/33c1c6d8a28a2761ac74b0380b2563cf546c2a3a https://git.kernel.org/stable/c/8b221db0b7d24675e465e98d9326d298025a4e8d https://git.kernel.org/stable/c/9b85c8f624b0f8cf9b932f5a65dacd56a1f47a72 https://git.kernel.org/stable/c/9d0ca11258e7b452653d04310addfec1753de1a2 https://git.kernel.org/stable/c/b265e53d9adfbb5751713185843f7188aa9dd066 https://git.kernel.org/stable/c/ca46d2092f307385a7acfb42632056570d6dbbbc

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:30.902Z

Updated: 2026-05-06T11:27:30.902Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43148

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:32.417

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43148

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:00:11Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object