PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43435 Linux CVE debrief

CVE-2026-43435 is a Linux kernel rust_binder issue in the oneway spam detection path. The published fix corrects two defensive-control gaps: TreeRange was evaluating spam detection before inserting the current request into the tree, which meant the new request was excluded from the calculation, and ArrayRange did not implement the equivalent low_oneway_space() check at all. The result was that some spamming transaction patterns could evade the intended anti-abuse logic. The record was published on 2026-05-08 and later modified on 2026-05-12; NVD still listed it as undergoing analysis at that time.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-12
Advisory published: 2026-05-08
Advisory updated: 2026-05-12

Who should care

Linux kernel maintainers, distro kernel teams, and operators of systems that ship or consume the rust_binder code path should care, especially where Binder transaction abuse resistance matters.

Technical summary

The vulnerability is a logic flaw in rust_binder’s oneway spam detection. In TreeRange, the detection code ran before the new request had been inserted, so the current request was not included in the spam calculation. In ArrayRange, the equivalent low_oneway_space() logic was missing entirely, creating a second path where large spamming transactions could bypass detection. The supplied kernel fix moves the TreeRange check after insertion and adds the missing ArrayRange logic to restore consistent enforcement.
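A constructed model of the two gaps described above (check-before-insert in the tree path, no check at all in the array path) beside their corrected forms, added here as an illustration and not rust_binder's own code; the Range type, the half-of-buffer threshold in low_oneway_space(), and the detect() helper are all assumptions, since the page states no kernel internals or thresholds.

```rust
use std::collections::BTreeMap;

/// Constructed model of one oneway buffer allocation (not the kernel's type).
#[derive(Clone, Copy)]
struct Range { offset: usize, size: usize }

/// Assumed policy: oneway usage above half the buffer counts as spam.
/// The real rust_binder threshold is not stated on the page.
fn low_oneway_space(buffer_size: usize, used: usize) -> bool {
    used * 2 > buffer_size
}

/// Tree-backed allocator standing in for TreeRange.
struct TreeRange { buffer_size: usize, allocs: BTreeMap<usize, Range> }

impl TreeRange {
    fn used(&self) -> usize { self.allocs.values().map(|r| r.size).sum() }

    /// Defective ordering: the check runs before the request is inserted,
    /// so the request that pushes usage over the line is never counted.
    fn alloc_check_before_insert(&mut self, req: Range) -> bool {
        let spam = low_oneway_space(self.buffer_size, self.used());
        self.allocs.insert(req.offset, req);
        spam
    }

    /// Corrected ordering: insert first, then evaluate with the request included.
    fn alloc_check_after_insert(&mut self, req: Range) -> bool {
        self.allocs.insert(req.offset, req);
        low_oneway_space(self.buffer_size, self.used())
    }
}

/// Array-backed allocator standing in for ArrayRange: the original path had no
/// check at all; the corrected path mirrors the tree path.
struct ArrayRange { buffer_size: usize, allocs: Vec<Range> }

impl ArrayRange {
    fn used(&self) -> usize { self.allocs.iter().map(|r| r.size).sum() }
    fn alloc_unchecked(&mut self, req: Range) -> bool { self.allocs.push(req); false }
    fn alloc_checked(&mut self, req: Range) -> bool {
        self.allocs.push(req);
        low_oneway_space(self.buffer_size, self.used())
    }
}

/// Runs one oversized oneway request through each variant on an empty buffer and
/// returns (tree before-insert, tree after-insert, array unchecked, array checked).
pub fn detect(buffer_size: usize, req_size: usize) -> (bool, bool, bool, bool) {
    let req = Range { offset: 0, size: req_size };
    let (mut t1, mut t2) = (TreeRange { buffer_size, allocs: BTreeMap::new() },
                            TreeRange { buffer_size, allocs: BTreeMap::new() });
    let (mut a1, mut a2) = (ArrayRange { buffer_size, allocs: Vec::new() },
                            ArrayRange { buffer_size, allocs: Vec::new() });
    (t1.alloc_check_before_insert(req), t2.alloc_check_after_insert(req),
     a1.alloc_unchecked(req), a2.alloc_checked(req))
}
```

With a 1024-byte buffer and a single 700-byte request, only the two corrected variants flag the request; the defective tree ordering sees zero usage and the unchecked array path never evaluates anything.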

Defensive priority

Medium priority. This is a control-bypass issue in kernel abuse-detection logic rather than a memory-safety flaw, but it can reduce the effectiveness of transaction throttling or spam prevention in affected deployments.

Recommended defensive actions

  • Review whether your kernel build includes the rust_binder fixes referenced by the supplied kernel stable links.
  • Track downstream vendor or distro advisories for backported patches covering CVE-2026-43435.
  • Update to a kernel release that contains the corrected TreeRange insertion order and ArrayRange low_oneway_space() implementation.
  • If you maintain a downstream kernel tree, verify the spam-detection paths in rust_binder against the upstream fix before releasing builds.
  • Monitor for abnormal Binder transaction spam or rate-limiting anomalies while patch rollout is in progress.

Evidence notes

The CVE description states that TreeRange spam detection was executed before the current request was inserted, so the new request was not counted, and that ArrayRange was missing the detection logic altogether. The NVD record linked in the source item lists the vulnerability status as 'Undergoing Analysis' and provides three kernel.org stable references. No CVSS score or weakness data was supplied in the corpus.

Official resources

Publicly disclosed on 2026-05-08 15:16:55 UTC; modified on 2026-05-12 14:10:27 UTC. NVD listed the record as undergoing analysis in the supplied source item.