PatchSiren cyber security CVE debrief

CVE-2026-43129 Linux CVE debrief

CVE-2026-43129 is a Linux kernel availability issue in IMA measurement-list restore during kexec boot. According to the official description, if the second-stage kernel starts with a memory-limiting command line such as mem=<size>, the IMA buffer handed over from the previous kernel can fall outside the new kernel’s addressable RAM. Accessing that buffer during early restore can trigger a page fault and crash the boot path. The published fix adds range validation before the buffer is used.

Vendor: Linux
Product: CVE-2026-43129
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-06
Original CVE updated: 2026-05-11
Advisory published: 2026-05-06
Advisory updated: 2026-05-11

Who should care

Linux administrators and OEMs that use kexec, kdump, or IMA on systems that may boot with constrained memory maps. This is most relevant for operators tracking affected kernel releases and for builders of custom kernels that may need to backport the fix.

Technical summary

NVD rates the issue CVSS 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, reflecting a local availability impact. The source description says the fault occurs in ima_restore_measurement_list() when a previous-kernel IMA buffer is no longer within the addressable RAM of the second-stage kernel, especially after a boot-time memory limit such as mem=<size>. The fix series introduces ima_validate_range() to verify that the physical range is actually addressable before restore proceeds, using pfn_range_is_mapped() on x86 and page_is_ram() on OF-based architectures. NVD lists affected Linux kernel ranges ending before 6.12.77, 6.18.16, and 6.19.6.

Defensive priority

Medium priority for environments that use kexec with IMA restore or constrained boot memory settings; lower priority if those features are not in use.

Recommended defensive actions

Upgrade to a kernel release that includes the official fix or backport the stable patches referenced in NVD.
If you maintain a custom kernel, backport the validation logic that checks the previous kernel’s IMA buffer range before restore.
Review whether kexec and IMA measurement-list restore are enabled on production systems, especially where boot parameters may limit usable RAM.
Check boot logs for page faults or crashes in ima_restore_measurement_list() during second-stage kernel startup.
Use the NVD version ranges to confirm whether deployed kernels fall below the fixed releases.

Evidence notes

Evidence comes from the NVD record and the kernel patch references included there. The NVD entry is marked analyzed, published 2026-05-06 and modified 2026-05-11. The source description states the issue is reproducible on x86_64 when a second-stage kernel is booted with a limiting mem=<size> command line, and that a similar aarch64 case was already fixed upstream. NVD does not list this CVE in KEV, and no ransomware campaign use is reported in the provided corpus.

Official resources

CVE-2026-43129 CVE record
CVE.org
CVE-2026-43129 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch

CVE published in NVD on 2026-05-06 and modified on 2026-05-11. No KEV entry is listed in the provided source data.