Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Eagerly init vgic dist/redist on vgic creation

If vgic_allocate_private_irqs_locked() fails for any odd reason,
we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.

kvm_vgic_dist_destroy() then comes along and walks into the weeds
trying to free the RDs. Got to love this stuff.

Solve it by moving all the static initialisation early, and make
sure that if we fail halfway, we're in a reasonable shape to
perform the rest of the teardown. While at it, reset the vgic model
on failure, just in case...
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The fault stems from the Linux kernel’s KVM arm64 code that initializes the virtual Generic Interrupt Controller (VGIC) distribution domain. If the helper function `vgic_allocate_private_irqs_locked()` fails, the main creation routine exits early and leaves the region descriptors (`dist->rd_regions`) uninitialized. When the VGIC teardown routine later runs, it attempts to free these uninitialized regions, which can cause a kernel panic or crash. Based on the description, it is inferred that successful exploitation of this flaw would result in a denial‑of‑service condition on the host or virtual machine rather than remote code execution or privilege escalation.
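A userspace model of the failure described above, added here as an illustration and not taken from the kernel or the fixing commit. `struct dist`, `create_late_init`, `create_eager_init`, `destroy` and `run` are hypothetical names, and the state is assumed to be zero-filled before creation.

```c
#include <errno.h>
#include <string.h>

/* Minimal circular list modelled on the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

/* Hypothetical stand-in for the distributor state; not the kernel struct. */
struct dist { int model; struct list_head rd_regions; };

/* "Before" shape: the list head is set up only after the fallible step.
 * `fail` stands in for the private IRQ allocation failing. */
int create_late_init(struct dist *d, int model, int fail)
{
    d->model = model;
    if (fail) return -ENOMEM;       /* early exit: rd_regions never set up */
    init_list_head(&d->rd_regions);
    return 0;
}

/* "After" shape: static init first, model reset if a later step fails. */
int create_eager_init(struct dist *d, int model, int fail)
{
    init_list_head(&d->rd_regions);
    d->model = model;
    if (fail) d->model = 0;         /* reset the model on failure */
    return fail ? -ENOMEM : 0;
}

/* Teardown walk: entries visited, or -EFAULT where an unchecked walk
 * would follow a NULL pointer (the guard exists only for this demo). */
int destroy(const struct dist *d)
{
    const struct list_head *p = d->rd_regions.next;
    int n = 0;
    if (!p) return -EFAULT;
    for (; p != &d->rd_regions; p = p->next) n++;
    return n;
}

/* Create then destroy on zero-filled state (assumed for the demo). */
int run(int eager, int fail)
{
    struct dist d;
    memset(&d, 0, sizeof(d));
    if (eager) create_eager_init(&d, 3, fail); else create_late_init(&d, 3, fail);
    return destroy(&d);
}

int main(void) { return run(1, 1) == 0 ? 0 : 1; }
```

With the late-init ordering, a failed creation leaves teardown looking at a list head that was never set up; with the eager ordering the same failure leaves an empty list that teardown walks safely.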

Affected Systems

The problem exists in all Linux kernel releases for arm64 that contain the unpatched KVM VGIC initialization code. It affects hosts running KVM with the VGIC feature enabled. No specific vendor or distribution versions are listed beyond the generic Linux kernel, so any distribution that relies on the upstream kernel source for arm64 hosts is potentially vulnerable until the corrective commit is incorporated.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. No publicly documented exploits are available, and the EPSS score is not provided. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require privileged access to the host to trigger VM creation or destruction that passes through the failing code path, so the most likely attack vector is local and privileged. The overall risk is medium for systems that frequently spin up KVM guests on arm64 hardware, because a crash could affect the entire host.

Generated by OpenCVE AI on May 9, 2026 at 03:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit that repairs VGIC initialization; the patch is referenced in the kernel Git repository.
  • If an immediate kernel upgrade is not feasible, disable the KVM VGIC feature by rebuilding the kernel with the configuration option `CONFIG_KVM_VGIC` disabled or by removing the vgic module, to avoid the faulty code path.
  • Check with your Linux distribution's security advisories for back‑ported fixes and apply any available updated kernel package that contains the fix.



Advisories

No advisories yet.

History

Sat, 09 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-788

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 08 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-788

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. kvm_vgic_dist_destroy() then comes along and walks into the weeds trying to free the RDs. Got to love this stuff. Solve it by moving all the static initialisation early, and make sure that if we fail halfway, we're in a reasonable shape to perform the rest of the teardown. While at it, reset the vgic model on failure, just in case...
Title KVM: arm64: Eagerly init vgic dist/redist on vgic creation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:08.868Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43351

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:45.830

Modified: 2026-05-08T15:16:45.830

Link: CVE-2026-43351

Redhat

Severity : Moderate

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43351 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses