Description
In the Linux kernel, the following vulnerability has been resolved:

tracing: ring-buffer: Fix to check event length before using

Check the event length before adding it for accessing next index in
rb_read_data_buffer(). Since this function is used for validating
possibly broken ring buffers, the length of the event could be broken.
In that case, the new event (e + len) can point to a wrong address.
To avoid invalid memory access at boot, check whether the length of
each event is in the possible range before using it.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel tracing ring‑buffer subsystem fails to validate the length of an event before calculating the offset for the next buffer slot. Without this check, the computed address may reference an unintended memory region, potentially reading or writing beyond the allocated buffer. Such unchecked memory access can corrupt kernel memory, leading to crashes or data corruption. The vulnerability has been fixed by adding a length‑verification guard in rb_read_data_buffer().
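The guard described above, shown on a simplified userspace model of a length-prefixed event page. This is an added example, not the kernel's rb_read_data_buffer() or its patch; the event layout, PAGE_SZ, EV_HDR and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 64u /* assumed data-area size for this model */
#define EV_HDR   4u /* assumed header: u16 total length + u16 type */

/* Unguarded pattern: next position is e + len, with len taken on trust. */
size_t next_unchecked(const uint8_t *page, size_t off) {
    uint16_t len;
    memcpy(&len, page + off, sizeof(len));
    return off + len;
}

/* Guarded walk: returns the event count, or -1 if any length is impossible. */
int walk_checked(const uint8_t *page, size_t commit) {
    int count = 0;
    if (commit > PAGE_SZ)
        return -1; /* the commit offset itself may be broken */
    for (size_t off = 0; off < commit; count++) {
        uint16_t len;
        if (commit - off < EV_HDR)
            return -1; /* truncated header */
        memcpy(&len, page + off, sizeof(len));
        if (len < EV_HDR || len > commit - off)
            return -1; /* zero/short length, or event runs past commit */
        off += len;
    }
    return count;
}

/* Constructed sample: 8, 12, 8 byte events; nonzero bad_len breaks the 2nd. */
size_t make_page(uint8_t *page, uint16_t bad_len) {
    const uint16_t lens[3] = { 8, 12, 8 };
    size_t off = 0;
    memset(page, 0, PAGE_SZ);
    for (int i = 0; i < 3; off += lens[i++]) {
        uint16_t stored = (bad_len && i == 1) ? bad_len : lens[i];
        memcpy(page + off, &stored, sizeof(stored));
    }
    return off; /* commit offset: 28 */
}

int main(void) {
    uint8_t page[PAGE_SZ];
    size_t commit = make_page(page, 0xfff0);
    printf("unchecked next=%zu, checked=%d\n", next_unchecked(page, 8), walk_checked(page, commit));
    return 0;
}
```

The lower bound on the length matters as much as the upper one: a stored length of zero would otherwise leave the walker stuck on the same event.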

Affected Systems

All Linux kernel releases that compile the tracing ring‑buffer code and contain the vulnerability, prior to the inclusion of the length‑check fix. This includes the default distribution kernels that have not been updated to the patched version.

Risk and Exploitability

No EPSS score is reported and the issue is not listed in the CISA KEV catalog, indicating no widespread active exploitation has been documented. The flaw presents an out‑of‑bounds kernel memory operation that could be exploited by an attacker capable of injecting crafted events into the ring buffer. The attack vector is inferred to be a local or compromised user able to trigger the vulnerable tracing code, potentially causing kernel corruption or intentional denial of service.

Generated by OpenCVE AI on May 6, 2026 at 16:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the ring‑buffer length‑check patch
  • If a kernel update cannot be applied immediately, disable the tracing or ftrace subsystem to prevent the vulnerable code path from executing
  • Continuously monitor boot logs and kernel stability for evidence of panics or abnormal behavior that might indicate exploitation



Advisories

No advisories yet.

History

Wed, 06 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-787

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: tracing: ring-buffer: Fix to check event length before using Check the event length before adding it for accessing next index in rb_read_data_buffer(). Since this function is used for validating possibly broken ring buffers, the length of the event could be broken. In that case, the new event (e + len) can point a wrong address. To avoid invalid memory access at boot, check whether the length of each event is in the possible range before using it.
Title tracing: ring-buffer: Fix to check event length before using
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:13.609Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43210

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:40.417

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:30:07Z

Weaknesses