CVE-2026-43258 Overview
CVE-2026-43258 is a Linux kernel vulnerability affecting the Alpha architecture. The flaw causes user-space memory corruption when memory compaction is enabled. Affected systems exhibit sporadic crashes including SIGSEGV, glibc allocator failures such as unaligned tcache chunk, and compiler internal errors.
The root cause is insufficient Translation Lookaside Buffer (TLB) shootdown during page migration. Alpha relies on Address Space Number (ASN) based memory management context rollover for instruction cache coherency. This mechanism alone does not prevent stale data or instruction translations from surviving migration.
Critical Impact
Memory compaction on Alpha systems triggers user-space heap corruption and process crashes. The defect affects both uniprocessor (UP) and symmetric multiprocessing (SMP) Alpha configurations.
Affected Products
- Linux kernel on Alpha architecture (UP configurations)
- Linux kernel on Alpha architecture (SMP configurations)
- Kernel builds with CONFIG_COMPACTION enabled
Discovery Timeline
- 2026-05-06 - CVE-2026-43258 published to the National Vulnerability Database
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43258
Vulnerability Analysis
The vulnerability resides in the Alpha architecture memory management code path used during page migration and memory compaction. When the kernel relocates physical pages to defragment memory, it must invalidate stale virtual-to-physical translations across all CPUs. The Alpha implementation relied solely on ASN rollover via memory management context invalidation. This approach left stale TLB entries and stale instruction translations active until the next context switch.
User-space processes consequently observed inconsistent views of their own address space. Symptoms include segmentation faults, glibc tcache integrity check failures, and miscompilation when build tools execute on affected hosts. Disabling compaction or forcing global TLB invalidation eliminates the symptom, confirming the TLB coherency root cause.
Root Cause
The defect classifies as a kernel memory ordering and TLB coherency flaw. The flush_tlb_other() and pte_clear() routines lacked READ_ONCE() and WRITE_ONCE() annotations required for correct SMP memory ordering. Page migration paths invoked context invalidation without performing immediate per-CPU TLB invalidation (TBI) or synchronous cross-CPU shootdown.
Attack Vector
The issue manifests as a reliability and integrity defect rather than a remotely triggerable exploit. Any workload that induces memory pressure sufficient to invoke compaction can corrupt user-space memory. A local unprivileged process executing on an Alpha kernel with compaction enabled can experience or induce arbitrary heap corruption in co-resident processes.
No verified proof-of-concept code is published. The upstream resolution is documented in the kernel git commits referenced in the Linux kernel stable tree.
Detection Methods for CVE-2026-43258
Indicators of Compromise
- Recurring SIGSEGV signals delivered to long-running user-space processes on Alpha hosts
- glibc allocator diagnostics emitting unaligned tcache chunk, corrupted size vs. prev_size, or similar heap integrity errors
- Compiler internal compiler errors (ICE) during routine builds on Alpha build farms
- Symptoms that disappear after booting with compaction=off or disabling CONFIG_COMPACTION
Detection Strategies
- Audit kernel build configuration for CONFIG_COMPACTION=y on Alpha targets and correlate with crash telemetry
- Inspect /var/log/messages and dmesg output for repeated user-space faults clustered around periods of high memory pressure
- Compare kernel version against the patched commits bab8d762a8db, dd5712f3379c, d4ca6ca2c6f5, and 03e42b5f7ad4 to confirm fix presence
Monitoring Recommendations
- Track per-host crash rates for user-space processes and alert on sudden increases on Alpha systems
- Monitor /proc/vmstat counters such as compact_stall and compact_migrate_scanned to correlate compaction activity with application failures
- Forward kernel and application crash logs to a centralized analytics platform for longitudinal review
How to Mitigate CVE-2026-43258
Immediate Actions Required
- Apply the upstream Linux kernel patch series referenced in the kernel git commit to all Alpha hosts
- Rebuild and redeploy affected Alpha kernels and reboot the systems to load the corrected page migration helper
- Validate fixes by running memory-pressure workloads and confirming the absence of SIGSEGV and tcache errors
Patch Information
The fix introduces a migration-specific helper that combines memory management context invalidation through ASN rollover, immediate per-CPU TLB invalidation via TBI, and synchronous cross-CPU shootdown when required. The helper is restricted to migration and compaction code paths to preserve existing global TLB semantics. The patch additionally annotates flush_tlb_other() and pte_clear() with READ_ONCE() and WRITE_ONCE() for correct SMP ordering. Reference patches: primary fix, supporting commit, update, change.
Workarounds
- Disable memory compaction at runtime by writing 0 to /proc/sys/vm/compaction_proactiveness and avoiding manual compact_memory triggers
- Boot affected kernels with compaction disabled until the patch is deployed
- Force global TLB invalidation paths where supported by the platform configuration
# Disable proactive memory compaction on Alpha hosts pending patch deployment
sysctl -w vm.compaction_proactiveness=0
echo 'vm.compaction_proactiveness=0' >> /etc/sysctl.d/99-cve-2026-43258.conf
# Confirm the running kernel includes the fix commit
strings /boot/vmlinuz-$(uname -r) | grep -i 'alpha.*migrat'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
