GHSA-4F2P-2MPV-GJWQ
Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35In the Linux kernel, the following vulnerability has been resolved:
ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
Commit 44e9a3bb76e5 ("ARM: 9430/1: entry: Do a dummy read from VMAP shadow") added a dummy read from the KASAN VMAP stack shadow in __switch_to(). The read uses ldr, but the KASAN shadow address is byte-granular and is not guaranteed to be word aligned.
ARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and CONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to() with an alignment exception before reaching init.
Use ldrb for the dummy shadow access. The code only needs to fault in the shadow mapping if the stack shadow is missing, so a byte load is sufficient and matches the granularity of KASAN shadow memory.
{
"affected": [],
"aliases": [
"CVE-2026-53343"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T14:16:42Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow\n\nCommit 44e9a3bb76e5 (\"ARM: 9430/1: entry: Do a dummy read from\nVMAP shadow\") added a dummy read from the KASAN VMAP stack shadow in\n__switch_to(). The read uses ldr, but the KASAN shadow address is\nbyte-granular and is not guaranteed to be word aligned.\n\nARMv5 faults unaligned word loads. With CONFIG_KASAN_VMALLOC and\nCONFIG_VMAP_STACK enabled, ARM926/VersatilePB crashes in __switch_to()\nwith an alignment exception before reaching init.\n\nUse ldrb for the dummy shadow access. The code only needs to fault in the\nshadow mapping if the stack shadow is missing, so a byte load is sufficient\nand matches the granularity of KASAN shadow memory.",
"id": "GHSA-4f2p-2mpv-gjwq",
"modified": "2026-07-01T15:35:19Z",
"published": "2026-07-01T15:35:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53343"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a4dc9a0ac3326e79fb58fdaae724b92127709a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/517720913bd3c17a52cd55a740064f68455ab88e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77a1f6883dc6e837bb2cb30b9b02e2f94338e2c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0b8c148a7754826156993ed6442d31536ec86b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2e3aadc8fef7da068490597fc5582f8f362aeb2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c74990828d3c486ee44aaa68240eb3abff289d1c"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.