What is CVE-2026-43249?

CVE-2026-43249 is a High severity Linux kernel vulnerability with a CVSS score of 8.8 out of 10, affecting Linux kernel versions from 4.14.308 onward and patched in 6.12.75, 6.18.16, 6.19.6 and others. CVE-2026-43249 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-43249?

CVE-2026-43249 has a CVSS score of 8.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2026-43249?

Yes, CVE-2026-43249 has been patched. Fixed versions include 6.12.75, 6.18.16, 6.19.6 and others. If you are running Linux kernel 4.14.308 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-43249 actively exploited?

CVE-2026-43249 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-43249

High

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free() twice, hitting the observed general protection fault due to a double-free. Guard the teardown path so only one caller can release the front-end state at a time, preventing the crash. This is a fix for the following double-free: [ 27.052347] Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 27.052357] CPU: 0 UID: 0 PID: 32 Comm: xenwatch Not tainted 6.18.0-02087-g51ab33fc0a8b-dirty #60 PREEMPT(none) [ 27.052363] RIP: e030:xen_9pfs_front_free+0x1d/0x150 [ 27.052368] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 41 55 41 54 55 48 89 fd 48 c7 c7 48 d0 92 85 53 e8 cb cb 05 00 48 8b 45 08 48 8b 55 00 <48> 3b 28 0f 85 f9 28 35 fe 48 3b 6a 08 0f 85 ef 28 35 fe 48 89 42 [ 27.052377] RSP: e02b:ffffc9004016fdd0 EFLAGS: 00010246 [ 27.052381] RAX: 6b6b6b6b6b6b6b6b RBX: ffff88800d66e400 RCX: 0000000000000000 [ 27.052385] RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000000000 RDI: 0000000000000000 [ 27.052389] RBP: ffff88800a887040 R08: 0000000000000000 R09: 0000000000000000 [ 27.052393] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888009e46b68 [ 27.052397] R13: 0000000000000200 R14: 0000000000000000 R15: ffff88800a887040 [ 27.052404] FS: 0000000000000000(0000) GS:ffff88808ca57000(0000) knlGS:0000000000000000 [ 27.052408] CS: e030 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.052412] CR2: 00007f9714004360 CR3: 0000000004834000 CR4: 0000000000050660 [ 27.052418] Call Trace: [ 27.052420] <TASK> [ 27.052422] xen_9pfs_front_changed+0x5d5/0x720 [ 27.052426] ? xenbus_otherend_changed+0x72/0x140 [ 27.052430] ? __pfx_xenwatch_thread+0x10/0x10 [ 27.052434] xenwatch_thread+0x94/0x1c0 [ 27.052438] ? __pfx_autoremove_wake_function+0x10/0x10 [ 27.052442] kthread+0xf8/0x240 [ 27.052445] ? __pfx_kthread+0x10/0x10 [ 27.052449] ? __pfx_kthread+0x10/0x10 [ 27.052452] ret_from_fork+0x16b/0x1a0 [ 27.052456] ? __pfx_kthread+0x10/0x10 [ 27.052459] ret_from_fork_asm+0x1a/0x30 [ 27.052463] </TASK> [ 27.052465] Modules linked in: [ 27.052471] ---[ end trace 0000000000000000 ]---

Package Linux Kernel

Published 2026-05-06

Last modified 2026-05-11

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

8.8

out of 10

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-415

CVE-2026-43249 is classified as CWE-415

See CWE-415 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.100, 6.1.18, 6.2.5, 6.3 and later are affected. Fixed in 6.12.75, 6.18.16, 6.19.6, 7.0 and their respective stable series.

Affected from

≥ 4.14.308 ≥ 4.19.276 ≥ 5.4.235 ≥ 5.10.173 ≥ 5.15.100 ≥ 6.1.18 ≥ 6.2.5 ≥ 6.3

Fixed in

✓ 6.12.75 6.12.x ✓ 6.18.16 6.18.x ✓ 6.19.6 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-43249 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/59e7707492576bdbfa8c1dbe7d90791df31e4773
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a5d00dff97118a32fcf5fec7a4c3f864c4620c4e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/bf841d43f7a33d75675ba7f4e214ac1c67913065
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2026-43249

Severity High

CVSS score 8.8 / 10

CVSS version 3.1

Published 2026-05-06

Modified 2026-05-11

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-43249?

CVE-2026-43249 is a High severity Linux kernel vulnerability with a CVSS score of 8.8 out of 10 . It affects Linux kernel versions from 4.14.308 onward and has been patched in 6.12.75, 6.18.16, 6.19.6 and others. CVE-2026-43249 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-43249?

CVE-2026-43249 has a CVSS score of 8.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2026-43249?

Yes — CVE-2026-43249 has been patched. Fixed versions include 6.12.75, 6.18.16, 6.19.6 and others. If you are running Linux kernel 4.14.308 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-43249 actively exploited?

No — CVE-2026-43249 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.