PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43249 Linux CVE debrief

CVE-2026-43249 is a Linux kernel memory-safety issue in the Xen 9p front-end path. NVD describes a race where the xenwatch thread can overlap with other back-end change notifications and call xen_9pfs_front_free() more than once, leading to a double-free and a general protection fault. The issue is publicly documented as fixed in kernel patches referenced by NVD, and the advisory dates show the CVE was published on 2026-05-06 and later modified on 2026-05-11.

Vendor: Linux
Product: CVE-2026-43249
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-06
Original CVE updated: 2026-05-11
Advisory published: 2026-05-06
Advisory updated: 2026-05-11

Who should care

Operators and security teams running Linux kernels with Xen 9p file-sharing support, especially in virtualized environments where xenwatch and back-end change notifications are active. Kernel maintainers and distro teams tracking stable backports should also care, since NVD lists multiple affected version ranges and patch references.

Technical summary

The vulnerability is a concurrent teardown bug in xen_9pfs_front_free(). According to the supplied description, the xenwatch thread and other back-end change notifications can race, so the front-end state is freed twice. NVD maps the issue to CWE-415 (double free) and assigns CVSS 3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: an attacker on the adjacent network, with no privileges and no user interaction, can cause high confidentiality, integrity and availability impact, which is the profile of a high-severity memory-corruption condition in affected kernel builds. The supplied NVD criteria list affected Linux kernel ranges of 4.14.308 through versions before 6.12.75, 6.13 through versions before 6.18.16, and 6.19 through versions before 6.19.6.
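The following is an added illustration, not kernel code and not the upstream fix: a small model of a teardown routine that two notifiers (here called A and B, standing in for the xenwatch thread and a back-end change notification) can both enter. It enumerates every interleaving of the two callers' steps and counts how many of them run the underlying release twice. The racy variant does check-then-free on a plain flag; the guarded variant claims a torn-down flag with an exchange before releasing, so only the caller that wins the exchange frees. The op names, struct fields and step split are assumptions made for the model.

```c
/* Constructed model (not kernel code) of two notifiers that may both enter a
 * front-end teardown routine. Every interleaving of their steps is enumerated;
 * a schedule is "bad" when the underlying release runs twice. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_STEPS 3
#define MAX_SCHED (2 * MAX_STEPS)

/* One step of a teardown routine. */
enum op {
    OP_CHECK,    /* read the plain "still allocated" flag            */
    OP_EXCHANGE, /* atomically claim the torn-down flag (xchg model)  */
    OP_RELEASE,  /* free the resource if this caller passed its check */
    OP_CLEAR     /* clear the plain flag if this caller passed        */
};

struct model {
    int allocated;  /* plain flag: read by OP_CHECK, cleared by OP_CLEAR */
    int torn_down;  /* flag flipped exactly once by the first OP_EXCHANGE */
    int releases;   /* how many times the release actually ran */
};

struct notifier {
    const enum op *ops;
    int nops;
    int pc;         /* index of the next step to execute */
    bool passed;    /* this caller observed the resource as live */
};

static void step(struct model *m, struct notifier *n)
{
    switch (n->ops[n->pc++]) {
    case OP_CHECK:    n->passed = (m->allocated != 0);               break;
    case OP_EXCHANGE: n->passed = (m->torn_down == 0); m->torn_down = 1; break;
    case OP_RELEASE:  if (n->passed) m->releases++;                  break;
    case OP_CLEAR:    if (n->passed) m->allocated = 0;               break;
    }
}

/* Replay one schedule ("ABAABB" style) from a fresh state; return release count. */
static int simulate(const enum op *ops, int nops, const char *sched)
{
    struct model m = { 1, 0, 0 };
    struct notifier a = { ops, nops, 0, false };
    struct notifier b = { ops, nops, 0, false };
    for (const char *p = sched; *p; p++)
        step(&m, *p == 'A' ? &a : &b);
    return m.releases;
}

/* Recursively build every schedule with nops steps from each notifier. */
static void enumerate(const enum op *ops, int nops, char *sched, int pos,
                      int a_left, int b_left, int *total, int *bad)
{
    if (a_left == 0 && b_left == 0) {
        sched[pos] = '\0';
        (*total)++;
        if (simulate(ops, nops, sched) > 1)
            (*bad)++;
        return;
    }
    if (a_left) {
        sched[pos] = 'A';
        enumerate(ops, nops, sched, pos + 1, a_left - 1, b_left, total, bad);
    }
    if (b_left) {
        sched[pos] = 'B';
        enumerate(ops, nops, sched, pos + 1, a_left, b_left - 1, total, bad);
    }
}

/* Returns the number of interleavings in which the release ran twice; *total
 * receives the number of interleavings examined. */
int double_free_schedules(bool guarded, int *total)
{
    static const enum op racy[] = { OP_CHECK, OP_RELEASE, OP_CLEAR };  /* if (allocated) { free; allocated = 0; } */
    static const enum op once[] = { OP_EXCHANGE, OP_RELEASE };         /* if (xchg(&torn_down, 1) == 0) free;     */
    const enum op *ops = guarded ? once : racy;
    int nops = guarded ? 2 : 3;
    char sched[MAX_SCHED + 1];
    int t = 0, bad = 0;

    enumerate(ops, nops, sched, 0, nops, nops, &t, &bad);
    if (total)
        *total = t;
    return bad;
}

int main(void)
{
    int total;
    int bad = double_free_schedules(false, &total);
    printf("racy teardown:    %d of %d interleavings free twice\n", bad, total);
    bad = double_free_schedules(true, &total);
    printf("guarded teardown: %d of %d interleavings free twice\n", bad, total);
    return 0;
}
```

Only the two schedules in which one caller finishes completely before the other starts are safe for the racy variant; every other interleaving lets both callers see the resource as live. The guarded variant frees exactly once under all interleavings because the exchange is the single point that decides who owns the teardown.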

Defensive priority

High

Recommended defensive actions

  • Check whether your kernel build includes Xen 9p front-end support and whether it falls within the affected version ranges listed by NVD.
  • Prioritize applying the kernel fixes referenced by NVD for the affected stable branches.
  • If you rely on Xen-based 9p file sharing, verify that patched kernels are deployed across all guests and hosts that use the feature.
  • Track vendor or distro backports rather than relying only on upstream version numbers.
  • Monitor for kernel crash signatures involving xenwatch, xen_9pfs_front_changed(), or xen_9pfs_front_free() as indicators of exposure.
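A script that carries out the first, fourth and fifth actions above, added here as an example rather than PatchSiren's or the kernel project's own tooling. It encodes the three affected ranges quoted from NVD in the debrief, compares the running kernel against them, looks for the 9p Xen transport in the kernel config, and counts log lines that mention the teardown path named above. It assumes that CONFIG_NET_9P_XEN is the Kconfig symbol and 9pnet_xen the module name for that transport; neither is named on the page. The sample log is constructed.

```shell
#!/bin/sh
# Added example, not PatchSiren's or the kernel project's tooling.
# Assumptions: CONFIG_NET_9P_XEN (Kconfig symbol) and 9pnet_xen (module name)
# for the 9p Xen transport; the page does not name either.

# "a.b.c[-suffix]" -> one integer a*1000000 + b*1000 + c so ranges compare with
# plain arithmetic. Distro suffixes such as "-generic" or "-1023-azure" are dropped.
ver_num() {
    v=${1%%[!0-9.]*}
    set -- $(printf '%s\n' "$v" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_range VERSION LOW HIGH : true when LOW <= VERSION < HIGH
in_range() {
    n=$(ver_num "$1")
    [ "$n" -ge "$(ver_num "$2")" ] && [ "$n" -lt "$(ver_num "$3")" ]
}

# kernel_affected VERSION : true when VERSION is inside an NVD-listed range.
# Upstream numbers only: a distro backport may have fixed an older version,
# so a "true" here means "check your vendor's advisory", not "vulnerable".
kernel_affected() {
    in_range "$1" 4.14.308 6.12.75 ||
    in_range "$1" 6.13     6.18.16 ||
    in_range "$1" 6.19     6.19.6
}

# crash_indicators : count lines on stdin that reference the teardown path.
crash_indicators() {
    grep -cE 'xen_9pfs_front_(free|changed)' || true
}

# Constructed sample log (not a captured oops) for exercising crash_indicators.
SAMPLE_LOG='kernel: general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] SMP
kernel: CPU: 0 PID: 42 Comm: xenwatch Not tainted 6.12.74 #1
kernel: RIP: 0010:xen_9pfs_front_free+0x1a/0x80
kernel: Call Trace:
kernel:  xen_9pfs_front_changed+0x4c/0x90
kernel: usb 1-1: new high-speed USB device number 2'

# check_host : report version range, transport config and loaded module.
check_host() {
    rel=$(uname -r)
    if kernel_affected "$rel"; then
        echo "kernel $rel is inside an NVD-listed affected range (verify distro backports)"
    else
        echo "kernel $rel is outside the NVD-listed ranges"
    fi
    cfg=/boot/config-$rel
    if [ -r "$cfg" ] && grep -q '^CONFIG_NET_9P_XEN=' "$cfg"; then
        echo "9p Xen transport is enabled in $cfg"
    elif [ -r /proc/config.gz ] && zcat /proc/config.gz | grep -q '^CONFIG_NET_9P_XEN='; then
        echo "9p Xen transport is enabled (from /proc/config.gz)"
    else
        echo "9p Xen transport not found in kernel config (or config unavailable)"
    fi
    if lsmod 2>/dev/null | grep -q '^9pnet_xen'; then
        echo "module 9pnet_xen is loaded"
    fi
}

# Run the host check only when invoked as "sh script.sh host"; pipe a log into
# crash_indicators for the monitoring step, e.g.: dmesg | crash_indicators
if [ "${1:-}" = "host" ]; then
    check_host
fi
```

A non-zero count from crash_indicators on a host that has not yet been patched is a reason to treat the crash as possible exposure rather than a random fault, and the version check deliberately reports "inside a range" rather than "vulnerable" because the debrief itself warns that distro backports change the picture.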

Evidence notes

All claims in this debrief are derived from the supplied CVE description, the NVD metadata included in the source corpus, and the official NVD/CVE/kernel.org links. The description explicitly states the race, the double-free, and the observed crash. NVD provides the CVSS vector, CWE-415 classification, affected version criteria, and four kernel patch references. Published and modified timestamps are taken from the supplied timeline fields and the source item metadata.

Official resources

Publicly disclosed in the supplied source corpus on 2026-05-06T12:16:45.493Z and modified on 2026-05-11T13:10:20.973Z. The issue is documented as fixed by kernel patches referenced in NVD.