Description
In the Linux kernel, the following vulnerability has been resolved:

ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow

Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from
VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in
__switch_to(). The read uses ldr, but the KASAN shadow address is
byte-granular and is not guaranteed to be word aligned.

ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and
CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to()
with an alignment exception before reaching init.

Use ldrb for the dummy shadow access. The code only needs to fault in the
shadow mapping if the stack shadow is missing, so a byte load is sufficient
and matches the granularity of KASAN shadow memory.
Published: 2026-07-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability causes the ARM Linux kernel to perform a word load from a byte‑granular KASAN shadow area while switching contexts. On ARMv5 CPUs, unaligned word loads fault, leading to an alignment exception that crashes the system before it finishes booting. Based on the description, it is inferred that this flaw results in a kernel crash and interrupts system start‑up, but no remote code execution or data leakage is reported.

Affected Systems

The flaw affects the Linux kernel on ARMv5 architectures (for example, ARM926/VersatilePB) that have CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled. The vulnerability was introduced by commit 44e9a3bb76e5, and no specific kernel version range is given; any kernel incorporating that commit or older is potentially susceptible.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is local and requires an attacker to influence the boot process or load a module so that the context switch triggers the fault. The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating that exploitation is unlikely to be widespread. Nonetheless, the flaw is a local denial‑of‑service vulnerability that can partition or halt the affected system prior to normal operation.

Generated by OpenCVE AI on July 2, 2026 at 10:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that contains the patch replacing the unaligned word load with a byte load for the KASAN VMAP stack shadow access.
  • If upgrading is not feasible, rebuild the kernel with CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK disabled to eliminate the unaligned load path.
  • If a newer kernel version is not available, apply the upstream patch that changes the load to a byte load directly to the kernel source tree or use a supported kernel that contains the fix.

Generated by OpenCVE AI on July 2, 2026 at 10:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 06:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-140

Thu, 02 Jul 2026 00:15:00 +0000


Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-140

Wed, 01 Jul 2026 13:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned. ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init. Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.
Title ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-01T13:32:23.979Z

Reserved: 2026-06-09T07:44:35.399Z

Link: CVE-2026-53343

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-07-01T00:00:00Z

Links: CVE-2026-53343 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T10:45:03Z

Weaknesses
  • CWE-468

    Incorrect Pointer Scaling