CVE intelligence and bounded remediation
CVE-2026-43286 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 ("mm: hugetlb: fix incorrect fallback for subpool") fixed an underflow error for hstate->resv_huge_pages caused by incorrectly attributing globally requested pages to the subpool's reservation. Unfortunately, this fix also introduced the opposite problem, which would leave spool->used_hpages elevated if the globally requested pages could not be acquired. This is because while a subpool's reserve pages only accounts for what is requested and allocated from the subpool, its "used" counter keeps track of what is consumed in total, both from the subpool and globally. Thus, we need to adjust spool->used_hpages in the other direction, and make sure that globally requested pages are uncharged from the subpool's used counter. Each failed allocation attempt increments the used_hpages counter by how many pages were requested from the global pool. Ultimately, this renders the subpool unusable, as used_hpages approaches the max limit. The issue can be reproduced as follows: 1. Allocate 4 hugetlb pages 2. Create a hugetlb mount with max=4, min=2 3. C…
- Severity
- Medium
- CVSS
- 5.5 (3.1)
- Published
- 2026-05-08
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
- Weaknesses
- CWE-401
Affected products
- linux / linux_kernel
- linux / linux_kernel / 6.15
- linux / linux_kernel / 7.0
Matched remediation archetype
Resource exhaustion and denial of service
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Identify attacker-influenced work factors including input size, nesting, compression, fan-out, regex cost, allocation, recursion, retries, and connection lifetime.
- Map per-request and shared CPU, memory, disk, descriptor, thread, queue, and downstream-service limits.
- Determine whether authentication, tenancy, quotas, and rate controls apply before expensive processing begins.
Remediate safely
- Bound input size, nesting, expansion, work, concurrency, queue depth, retries, and execution time before resource-intensive processing.
- Release resources on every success, error, cancellation, and timeout path and use backpressure instead of unbounded buffering.
- Update affected components and add small deterministic tests that assert resource ceilings rather than exhausting a host.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.