CVE-2026-53343
CVE-2026-53343 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (6th percentile)
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned. ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init. Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.
Frequently asked questions
- What is CVE-2026-53343?
- In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned. ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init. Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.
- Is CVE-2026-53343 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (6th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-53343?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-53343 published?
- CVE-2026-53343 was published on 2026-07-01.
References
- https://git.kernel.org/stable/c/2a4dc9a0ac3326e79fb58fdaae724b92127709a9
- https://git.kernel.org/stable/c/517720913bd3c17a52cd55a740064f68455ab88e
- https://git.kernel.org/stable/c/77a1f6883dc6e837bb2cb30b9b02e2f94338e2c6
- https://git.kernel.org/stable/c/c0b8c148a7754826156993ed6442d31536ec86b4
- https://git.kernel.org/stable/c/c2e3aadc8fef7da068490597fc5582f8f362aeb2
- https://git.kernel.org/stable/c/c74990828d3c486ee44aaa68240eb3abff289d1c