CVE-2026-43486

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the arm64 architecture where the contpte ptep set access flags() function incorrectly detects no-op operations by comparing a gathered ptep get() value against the requested entry. Because ptep get() combines Access Flag (AF) and dirty bits from all sub-PTEs in a contiguous (CONT) block, a dirty sibling can make a target appear already-dirty. This leads to the function returning 0 even if the target sub-PTE still has PTE RDONLY set in hardware.

While this behavior is acceptable for CPUs with FEAT HAFDBS, page-table walkers that evaluate descriptors individually—such as CPUs without DBM support, SMMUs without HTTU, or those with HA/HD disabled in CD.TCR—may continuously fault on the unchanged target sub-PTE. This can result in an infinite fault loop during read faults (where the target lacks PTE AF) or write faults (where the target still has PTE RDONLY).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.