CVE-2026-53343
In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned. ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init. Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.
Affected versions
Linux kernel versions
6.1.120,
6.6.64,
6.12.4,
6.13
and later are affected. Fixed in
6.1.176,
6.6.143,
6.12.94,
6.18.36,
7.0.13,
7.1
and their respective stable series.
References
6 totalFrequently asked questions
-
What is CVE-2026-53343?
CVE-2026-53343 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.1.120 onward and has been patched in 6.1.176, 6.6.143, 6.12.94 and others. CVE-2026-53343 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53343?
Yes — CVE-2026-53343 has been patched. Fixed versions include 6.1.176, 6.6.143, 6.12.94 and others. If you are running Linux kernel 6.1.120 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53343 actively exploited?
No — CVE-2026-53343 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.