Description
In the Linux kernel, the following vulnerability has been resolved:

alpha: fix user-space corruption during memory compaction

Alpha systems can suffer sporadic user-space crashes and heap
corruption when memory compaction is enabled.

Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned
tcache chunk"), and compiler internal errors. The failures disappear
when compaction is disabled or when using global TLB invalidation.

The root cause is insufficient TLB shootdown during page migration.
Alpha relies on ASN-based MM context rollover for instruction cache
coherency, but this alone is not sufficient to prevent stale data or
instruction translations from surviving migration.

Fix this by introducing a migration-specific helper that combines:
- MM context invalidation (ASN rollover),
- immediate per-CPU TLB invalidation (TBI),
- synchronous cross-CPU shootdown when required.

The helper is used only by migration/compaction paths to avoid changing
global TLB semantics.

Additionally, update flush_tlb_other(), pte_clear(), to use
READ_ONCE()/WRITE_ONCE() for correct SMP memory ordering.

This fixes observed crashes on both UP and SMP Alpha systems.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs during memory compaction on Alpha processors in the Linux kernel. Insufficient TLB shootdown during page migration allows stale data or instruction translations to remain after page movement, leading to heap corruption and user‑space crashes such as SIGSEGV, glibc allocator failures, and compiler internal faults. The weakness involves a missing TLB shootdown issue (CWE‑821) and a memory corruption flaw that can lead to out‑of‑bounds writes (CWE‑787). The likely attack vector is triggering memory compaction, which may be initiated by the operating system or by an attacker via memory usage patterns.

Affected Systems

All Linux kernels running on Alpha hardware that predate the commit adding a migration‑specific helper for TLB invalidation are affected. This includes both single‑processor (UP) and multi‑processor (SMP) configurations; no specific release numbers are provided, so any version compiled from source before the fix is at risk.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a very low likelihood of public exploitation. Triggering memory compaction, which can occur automatically or via memory usage patterns, is a plausible attack vector. The impact is limited to application termination and potential memory corruption; there is no evidence supporting privilege escalation or arbitrary code execution. The risk remains until the kernel is updated or compaction is disabled. The CVSS score is 7.8, categorizing this vulnerability as high severity.

Generated by OpenCVE AI on May 11, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patched Linux kernel that includes the Alpha TLB shootdown fix introduced by commit 03e42b5f7ad4c2c3db8bd384bab7990d5d53c90f.
  • If immediate patching is not possible, disable memory compaction temporarily using the 'nocompaction' kernel boot option or the appropriate sysctl/sysfs setting until a version with the fix is deployed.
  • Reboot the system after applying the patch or disabling compaction to ensure that no stale TLB entries or compaction processes remain active.

Generated by OpenCVE AI on May 11, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc7:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 07 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References

Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned tcache chunk"), and compiler internal errors. The failures disappear when compaction is disabled or when using global TLB invalidation. The root cause is insufficient TLB shootdown during page migration. Alpha relies on ASN-based MM context rollover for instruction cache coherency, but this alone is not sufficient to prevent stale data or instruction translations from surviving migration. Fix this by introducing a migration-specific helper that combines: - MM context invalidation (ASN rollover), - immediate per-CPU TLB invalidation (TBI), - synchronous cross-CPU shootdown when required. The helper is used only by migration/compaction paths to avoid changing global TLB semantics. Additionally, update flush_tlb_other(), pte_clear(), to use READ_ONCE()/WRITE_ONCE() for correct SMP memory ordering. This fixes observed crashes on both UP and SMP Alpha systems.
Title alpha: fix user-space corruption during memory compaction
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:05.074Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43258

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:46.650

Modified: 2026-05-11T18:10:27.473

Link: CVE-2026-43258

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43258 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T19:45:08Z

Weaknesses