Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-53343

CVE-2026-53343: Linux Kernel DOS Vulnerability

CVE-2026-53343 is a denial of service vulnerability in the Linux kernel affecting ARM systems with KASAN VMAP stack shadow. This post covers the technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2026-53343 Overview

CVE-2026-53343 is a Linux kernel vulnerability affecting the ARM architecture entry code. The issue stems from a dummy read of the Kernel Address Sanitizer (KASAN) VMAP stack shadow in __switch_to(). The original fix used the ldr instruction, which requires word alignment, but KASAN shadow addresses are byte-granular.

On ARMv5 systems such as ARM926/VersatilePB, unaligned word loads generate a fault. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, the kernel crashes in __switch_to() with an alignment exception before reaching init. The fix replaces ldr with ldrb to match the byte granularity of KASAN shadow memory.

Critical Impact

Affected ARMv5 kernels fail to boot when KASAN VMAP and VMAP stack are enabled, producing an alignment exception during task switching.

Affected Products

  • Linux kernel builds targeting ARM (ARMv5, e.g., ARM926/VersatilePB)
  • Kernels configured with CONFIG_KASAN_VMALLOC enabled
  • Kernels configured with CONFIG_VMAP_STACK enabled

Discovery Timeline

  • 2026-07-01 - CVE-2026-53343 published to NVD
  • 2026-07-01 - Last updated in NVD database

Technical Details for CVE-2026-53343

Vulnerability Analysis

The vulnerability resides in the ARM entry code path executed during context switches. Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") introduced a dummy read from the KASAN VMAP stack shadow in __switch_to(). The intent of the dummy read is to fault in the KASAN shadow mapping for the new task's stack when that shadow is not yet present.

The implementation used the ldr instruction to perform the read. ldr loads a 32-bit word and, on ARMv5, requires the source address to be word-aligned. KASAN shadow memory is byte-granular: each shadow byte tracks 8 bytes of the underlying mapping, so shadow addresses are not guaranteed to be word-aligned.

When the calculated shadow address for the incoming stack is unaligned, ARMv5 raises an alignment exception. On ARM926/VersatilePB with CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, this fault triggers during the first context switch and prevents the kernel from reaching init.

Root Cause

The root cause is a mismatch between the instruction width used for the dummy shadow access and the granularity of KASAN shadow memory. ldr requires word alignment on ARMv5, while KASAN shadow addresses can fall on any byte boundary. This is a boot-time reliability defect rather than an attacker-controllable condition.

Attack Vector

There is no remote or local attack vector. The defect manifests as a kernel boot failure on ARMv5 systems built with the specified KASAN and VMAP stack options. Exploitation is not applicable; the impact is availability of the affected kernel image on affected hardware.

The fix replaces ldr with ldrb. A byte load has no alignment requirement and still faults in the shadow mapping when it is absent, which is all the dummy read needs to accomplish. Patches are distributed across multiple stable branches, referenced by commits 2a4dc9a0, 51772091, 77a1f688, c0b8c148, c2e3aadc, and c7499082. See the Linux Kernel Commit c749908 for the mainline change.

Detection Methods for CVE-2026-53343

Indicators of Compromise

  • Kernel panic or early boot hang on ARMv5 devices immediately after enabling CONFIG_KASAN_VMALLOC together with CONFIG_VMAP_STACK.
  • Alignment exception messages referencing __switch_to in early boot logs or serial console output.
  • Failure to reach userspace init on ARM926/VersatilePB targets with debug KASAN builds.

Detection Strategies

  • Audit kernel .config files across ARM build targets to identify combinations of CONFIG_KASAN_VMALLOC=y and CONFIG_VMAP_STACK=y on ARMv5.
  • Compare running kernel commit hashes on ARM fleets against the stable branch commits listed in the advisory to confirm the fix is present.
  • Track boot success telemetry from embedded ARM devices to flag regressions after kernel updates.

Monitoring Recommendations

  • Collect and centralize kernel serial console logs from ARMv5 embedded systems during rollout of new kernels.
  • Alert on repeated early-boot alignment faults or __switch_to exceptions across device fleets.
  • Include ARM KASAN debug builds in continuous integration for embedded kernel development pipelines.

How to Mitigate CVE-2026-53343

Immediate Actions Required

  • Apply the upstream Linux kernel patches that replace ldr with ldrb for the KASAN VMAP stack shadow dummy read in __switch_to().
  • Rebuild and redeploy affected ARM kernels, prioritizing ARMv5 targets used in development or QA with KASAN enabled.
  • Validate boot on representative ARM926/VersatilePB hardware or emulation before promoting the kernel to production images.

Patch Information

The fix is available in multiple Linux stable branches. Relevant commits include Linux Kernel Commit 2a4dc9a, Linux Kernel Commit 5177209, Linux Kernel Commit 77a1f68, Linux Kernel Commit c0b8c14, Linux Kernel Commit c2e3aad, and Linux Kernel Commit c749908.

Workarounds

  • Disable CONFIG_KASAN_VMALLOC in ARMv5 kernel builds until the patched kernel is deployed.
  • Alternatively, disable CONFIG_VMAP_STACK on affected ARMv5 targets to avoid the faulting code path.
  • Restrict the affected configuration combination to non-ARMv5 targets where the alignment fault does not occur.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.