PT-2026-39094 · Linux · Linux Kernel
Published: 2026-05-08 · Updated: 2026-05-15 · CVE-2026-43433
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A Time-of-Check to Time-of-Use (TOCTOU) issue exists in the Rust binder component. When a transaction is sent, the offsets array is copied into the target process's virtual memory area (VMA) and subsequently read back. If a target process can write to its own read-only VMA, it could modify the offset before the kernel reads it. This could lead to the kernel misinterpreting the sender's intent and potentially allow the receiver to escalate privileges into the sender.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
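The read-back pattern from the description, modelled in user space as an added example (not kernel or Rust binder code): `SharedBuf`, `offsets_read_back`, `offsets_private_copy` and the sample offsets are hypothetical names and constructed values. The second function shows the general single-fetch mitigation for this bug class, which is an assumption here and not a statement about how the kernel is or will be fixed.

```rust
// Added illustration: a user-space model of the double fetch, not kernel code.
use std::cell::RefCell;

/// Constructed stand-in for the buffer mapped into the receiver (the target VMA).
struct SharedBuf {
    words: RefCell<Vec<u64>>,
}

impl SharedBuf {
    fn new(len: usize) -> Self {
        SharedBuf { words: RefCell::new(vec![0; len]) }
    }
    fn write(&self, i: usize, v: u64) {
        self.words.borrow_mut()[i] = v;
    }
    fn read(&self, i: usize) -> u64 {
        self.words.borrow()[i]
    }
}

/// TOCTOU pattern: offsets are copied into the shared buffer and then read back
/// from it. `window` models whatever happens between the copy and the read.
fn offsets_read_back(sender: &[u64], buf: &SharedBuf, window: impl Fn(&SharedBuf)) -> Vec<u64> {
    for (i, &off) in sender.iter().enumerate() {
        buf.write(i, off);
    }
    window(buf);
    (0..sender.len()).map(|i| buf.read(i)).collect()
}

/// Single-fetch pattern: the offsets are captured once in private memory and
/// only that copy is used afterwards; the shared buffer is write-only here.
fn offsets_private_copy(sender: &[u64], buf: &SharedBuf, window: impl Fn(&SharedBuf)) -> Vec<u64> {
    let private = sender.to_vec();
    for (i, &off) in private.iter().enumerate() {
        buf.write(i, off);
    }
    window(buf);
    private
}

fn main() {
    let sender = [0u64, 24, 48]; // constructed offsets the sender intends
    let tamper = |b: &SharedBuf| b.write(1, 8); // receiver-side change in the window
    let a = offsets_read_back(&sender, &SharedBuf::new(3), tamper);
    let b = offsets_private_copy(&sender, &SharedBuf::new(3), tamper);
    println!("read back: {:?}\nprivate copy: {:?}", a, b);
}
```

In the model, the read-back variant returns whatever the shared buffer holds at use time, while the private-copy variant always returns the offsets the sender supplied.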
Related Identifiers
Affected Products
Linux Kernel