PT-2026-39077 · Linux · Linux Kernel

CVE-2026-43416

·

Published

2026-05-08

·

Updated

2026-05-29

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the powerpc architecture's perf subsystem where the kernel fails to verify if current->mm is active before attempting to retrieve the user callchain. This can lead to a kernel NULL pointer dereference and subsequent kernel panic if the memory descriptor (mm) has already been released. This issue was observed when running profiling BPF programs, specifically within the perf callchain user 64() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43416
OESA-2026-2493
OESA-2026-2494
OESA-2026-2495

Affected Products

Linux Kernel