PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43389 Linux CVE debrief

## Summary

CVE-2026-43389 is a data-loss vulnerability in the Linux kernel's memfd Live Update (LUO) subsystem. The flaw occurs because clean folios (memory pages) preserved during a live update could be incorrectly reclaimed under memory pressure after retrieval, resulting in loss of user data. The root cause was that the dirty state was captured at `preserve()` time rather than at `freeze()`, allowing folios dirtied after preservation to be treated as clean.

## Affected Versions

- Linux kernel 6.19 through 6.19.8
- Linux kernel 7.0-rc1, 7.0-rc2, 7.0-rc3

## Technical Details

The memfd_luo mechanism preserves memory-backed file descriptors across kernel live updates. The vulnerability stems from a timing issue in state serialization:

1. At `preserve()`, the folio's dirty flag is saved
2. The folio may subsequently be dirtied through continued write activity
3. At `freeze()`, dirty bits from page table entries (PTEs) are not fully synced if mappings still exist
4. The serialized state incorrectly marks the folio as clean
5. After `retrieve()` in the new kernel, the clean folio becomes eligible for reclaim under memory pressure
6. User data is lost when the folio is reclaimed

The fix ensures all folios are marked dirty at preservation time by always setting `MEMFD_LUO_FOLIO_DIRTY`, eliminating the window where a folio could transition from clean to dirty without the state being captured.

## Impact

- **Confidentiality**: None
- **Integrity**: None
- **Availability**: High (local)

An attacker with local access could trigger memory pressure conditions after a live update to cause data loss in preserved memfd regions. The CVSS 3.1 vector is `AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`.

## Remediation

Apply the upstream patches that modify `mm/memfd_luo.c` to always mark folios as dirty during preservation. The patches eliminate the `flags` variable and directly set `MEMFD_LUO_FOLIO_DIRTY` for all folios.

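The six-step sequence under Technical Details, as a user-space C model added here for illustration; it is not kernel code and not the upstream patch. Apart from `MEMFD_LUO_FOLIO_DIRTY`, every name is hypothetical, the flag's numeric value is constructed, and reclaim of a clean folio is modelled as zeroing its contents.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* User-space model; all model_* names and the flag value are constructed. */
#define MEMFD_LUO_FOLIO_DIRTY 0x1u

struct model_folio { char data[16]; bool dirty; bool pte_dirty; };
struct model_record { struct model_folio *folio; unsigned flags; };

/* preserve(): unpatched copies the current dirty flag; fixed=true always sets it. */
static struct model_record model_preserve(struct model_folio *f, bool fixed) {
    struct model_record r = { f, 0 };
    if (fixed || f->dirty)
        r.flags |= MEMFD_LUO_FOLIO_DIRTY;
    return r;
}

/* A write through a still-live mapping: only the PTE dirty bit is set. */
static void model_write(struct model_folio *f, const char *s) {
    strncpy(f->data, s, sizeof(f->data) - 1);
    f->pte_dirty = true;
}

/* retrieve(): the new kernel trusts the serialized flag; old PTEs are gone. */
static void model_retrieve(struct model_record *r) {
    r->folio->dirty = (r->flags & MEMFD_LUO_FOLIO_DIRTY) != 0;
    r->folio->pte_dirty = false;
}

/* Reclaim under memory pressure: a clean folio is dropped (modelled as zeroed). */
static void model_reclaim(struct model_folio *f) {
    if (!f->dirty)
        memset(f->data, 0, sizeof(f->data));
}

/* preserve -> write -> freeze (PTE bit never folded into flags) -> retrieve -> reclaim. */
static bool model_live_update(bool fixed) {
    struct model_folio f = { "", false, false };
    struct model_record r = model_preserve(&f, fixed);
    model_write(&f, "user data");
    model_retrieve(&r);
    model_reclaim(&f);
    return strcmp(f.data, "user data") == 0; /* true if the data survived */
}

int main(void) {
    printf("unpatched survived=%d, patched survived=%d\n", model_live_update(false), model_live_update(true));
    return 0;
}
```
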
## References

- CVE Record: CVE.org
- NVD Entry: NVD
- Kernel Patches: git.kernel.org stable commits 7e04bf1f3315 and e901c871d4b5

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-26
Advisory published: 2026-05-08
Advisory updated: 2026-05-26

Who should care

Organizations running Linux kernel live updates with memfd-based workloads; kernel maintainers; virtualization and container platform operators using in-place kernel updates

Technical summary

A race condition in memfd Live Update (LUO): folios marked clean at `preserve()` time could be dirtied before `freeze()`, leading to an incorrect clean status after `retrieve()` and potential data loss under memory pressure. It was fixed by unconditionally marking all folios dirty.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches 6.19.9+ or 7.0-rc4+ when available
  • Avoid live update operations on memfd regions with active write workloads until patched
  • Monitor for kernel live update failures or unexpected data corruption in preserved memfd files
  • Review systems using memfd for live update scenarios and assess patch deployment priority

Evidence notes

Evidence is drawn from NVD CPE data and kernel.org patch commits. The vulnerability description is derived from the upstream commit message, which explains the race condition between `preserve()` and folio dirtying.

Official resources

2026-05-08