CVE-2026-43261 - Vulnerability Details

- arm64: Add support for TSV110 Spectre-BHB mitigation

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: Add support for TSV110 Spectre-BHB mitigation

The TSV110 processor is vulnerable to the Spectre-BHB (Branch History
Buffer) attack, which can be exploited to leak information through
branch prediction side channels. This commit adds the MIDR of TSV110
to the list for software mitigation.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The TSV110 processor is affected by the Spectre‑BHB (Branch History Buffer) vulnerability, which allows an attacker to exploit the branch prediction side channel to read sensitive memory locations. In the Linux arm64 kernel, a software mitigation was added via a commit that records the processor’s MIDR in the Spectre‑BHB mitigation table, effectively suppressing the faulty branch prediction logic for that CPU. Without this safeguard, kernel‑mode code could potentially expose data that it should not access.

Affected Systems

Any system running an arm64 Linux kernel that contains a TSV110 processor is vulnerable. The vulnerability is kernel‑wide and has no specific version bound; until the mitigation commit is incorporated into a kernel build, all arm64 kernels on a TSV110 are at risk. Other ARM CPUs are not affected.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity and the EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability is currently not listed in the CISA KEV catalog. Based on the description, the plausible attack vector is local: an attacker with kernel or privileged code execution could activate the branch history buffer leak on a TSV110, resulting in data disclosure. Enabling the BHB mitigation in the kernel configuration and including the TSV110 MIDR in the mitigation list reduces the exposure.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e192c8baa69ac8a5585d61ac535aa1e5eb795e80`	affected	< 598c11dd4f4a9de31d854fcb9702f54c1c70f0d0
`4bbfd0c280254b273c564767021bb9b0f945148e`	affected	< a8d0ad5d990b050a6db74218a34b5529085e16b8
`558c303c9734af5a813739cd284879227f7297d2`	affected	< cccf96c49f61e47d9332d6a4d1c7fe9a2df44440
`558c303c9734af5a813739cd284879227f7297d2`	affected	< fd7e360845d331f542854d552469544182e61134
`558c303c9734af5a813739cd284879227f7297d2`	affected	< 5dbe1f14359735fa50ba0dd4a496125b5bc7f422
`558c303c9734af5a813739cd284879227f7297d2`	affected	< fd51d47fcacec3ca027eb65d8c44853d3b6cea95
`558c303c9734af5a813739cd284879227f7297d2`	affected	< ad0c356cae164ed5dbd1f4cfd438e46faa5292cb
`558c303c9734af5a813739cd284879227f7297d2`	affected	< e3baa5d4b361276efeb87b20d8beced451a7dbd5
`4dd8aae585a51a1d276911fe19096ad90144e9fe`	affected	—
`3e3904125fccd042fda24294624e8f66699fd06d`	affected	—
`c20d551744797000c4af993f7d59ef8c69732949`	affected	—
`9013fd4bc958b33c3b4d5a2eaf4ded9857600395`	affected	—
`0b2bf1b37b5ebd90e69e30d8c2d6e1cd0c1f37b4`	affected	—
`5.10.105`	affected	< 5.10.252
`5.15.28`	affected	< 5.15.202
`4.9.310`	affected	< 4.10
`4.14.275`	affected	< 4.15
`4.19.236`	affected	< 4.20
`5.4.186`	affected	< 5.5
`5.16.14`	affected	< 5.17

Linux

affected

Version	Status	Constraints
`5.17`	affected	—
`0`	unaffected	< 5.17
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,598c11dd4f4a9de31d854fcb9702f54c1c70f0d0)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a8d0ad5d990b050a6db74218a34b5529085e16b8)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,cccf96c49f61e47d9332d6a4d1c7fe9a2df44440)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fd7e360845d331f542854d552469544182e61134)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,5dbe1f14359735fa50ba0dd4a496125b5bc7f422)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fd51d47fcacec3ca027eb65d8c44853d3b6cea95)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ad0c356cae164ed5dbd1f4cfd438e46faa5292cb)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e3baa5d4b361276efeb87b20d8beced451a7dbd5)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the kernel to a build that contains the commit adding TSV110 to the Spectre‑BHB mitigation list.
Ensure the kernel configuration enables ARM64 BHB mitigation by having CONFIG_ARM64_SPECTRE_BHB set to y.
If an immediate kernel update is not possible, limit untrusted workloads to a hypervisor or container that does not allow kernel‑mode execution on the affected processor.

Generated by OpenCVE AI on May 8, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/598c11dd4f4a9de31d854fcb9702f54c1c70f0d0
https://git.kernel.org/stable/c/5dbe1f14359735fa50ba0dd4a496125b5bc7f422
https://git.kernel.org/stable/c/a8d0ad5d990b050a6db74218a34b5529085e16b8
https://git.kernel.org/stable/c/ad0c356cae164ed5dbd1f4cfd438e46faa5292cb
https://git.kernel.org/stable/c/cccf96c49f61e47d9332d6a4d1c7fe9a2df44440
https://git.kernel.org/stable/c/e3baa5d4b361276efeb87b20d8beced451a7dbd5
https://git.kernel.org/stable/c/fd51d47fcacec3ca027eb65d8c44853d3b6cea95
https://git.kernel.org/stable/c/fd7e360845d331f542854d552469544182e61134
https://lore.kernel.org/linux-cve-announce/2026050607-CVE-2026-43261-d70e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43261
https://www.cve.org/CVERecord?id=CVE-2026-43261

History

Fri, 08 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-515
References		https://lore.kernel.org/linux-cve-announce/2026050607-CVE-2026-43261-d70e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43261 https://www.cve.org/CVERecord?id=CVE-2026-43261
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This commit adds the MIDR of TSV110 to the list for software mitigation.
Title		arm64: Add support for TSV110 Spectre-BHB mitigation
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/598c11dd4f4a9de31d854fcb9702f54c1c70f0d0 https://git.kernel.org/stable/c/5dbe1f14359735fa50ba0dd4a496125b5bc7f422 https://git.kernel.org/stable/c/a8d0ad5d990b050a6db74218a34b5529085e16b8 https://git.kernel.org/stable/c/ad0c356cae164ed5dbd1f4cfd438e46faa5292cb https://git.kernel.org/stable/c/cccf96c49f61e47d9332d6a4d1c7fe9a2df44440 https://git.kernel.org/stable/c/e3baa5d4b361276efeb87b20d8beced451a7dbd5 https://git.kernel.org/stable/c/fd51d47fcacec3ca027eb65d8c44853d3b6cea95 https://git.kernel.org/stable/c/fd7e360845d331f542854d552469544182e61134

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:48.823Z

Updated: 2026-05-23T16:06:36.101Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43261

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:47.003

Modified: 2026-05-08T20:37:34.800

Link: CVE-2026-43261

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43261 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T22:00:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object