CVE-2026-43433 Linux CVE debrief

Who should care

Linux kernel maintainers, distro security teams, and administrators running kernels with Binder/rust_binder support, especially on systems where untrusted local users can run code.

Technical summary

According to the CVE description, the Binder transaction path first copies an offsets array into the target process’s VMA and then reads the offsets back from that same mapping. That creates a time-of-check/time-of-use dependency on memory that is expected to stay read-only. If some other Binder issue allowed the target process to write to that mapping, the kernel could consume altered offsets and misinterpret the transaction. The referenced fix eliminates the read-back step so the kernel no longer trusts a value after writing it into the mapping.

Defensive priority

High

Recommended defensive actions

• Apply kernel updates that include the referenced stable fixes for the rust_binder Binder path.
• Verify whether your deployed kernel builds include the patches referenced by the official kernel.org stable links.
• Prioritize rollout on systems that allow untrusted local users or multi-user workloads.
• Track vendor and kernel advisories until NVD leaves the issue’s 'Undergoing Analysis' state.
• Review whether Binder/rust_binder is enabled in your deployment and include it in kernel patch validation.

Evidence notes

The CVE record was published on 2026-05-08 and modified on 2026-05-12. NVD lists the issue as 'Undergoing Analysis' and provides CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The supplied CVE description explicitly says the issue is not expected to be exploitable without another Binder bug. The source corpus includes three official kernel.org stable references, which appear to be the fix backports.

Official resources