{"api_version":"1","generated_at":"2026-05-13T06:20:50+00:00","cve":"CVE-2026-43351","urls":{"html":"https://cve.report/CVE-2026-43351","api":"https://cve.report/api/cve/CVE-2026-43351.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43351","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43351"},"summary":{"title":"KVM: arm64: Eagerly init vgic dist/redist on vgic creation","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Eagerly init vgic dist/redist on vgic creation\n\nIf vgic_allocate_private_irqs_locked() fails for any odd reason,\nwe exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.\n\nkvm_vgic_dist_destroy() then comes along and walks into the weeds\ntrying to free the RDs. Got to love this stuff.\n\nSolve it by moving all the static initialisation early, and make\nsure that if we fail halfway, we're in a reasonable shape to\nperform the rest of the teardown. While at it, reset the vgic model\non failure, just in case...","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-08 15:16:45","updated_at":"2026-05-12 14:10:27"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/ac6769c8f948dff33265c50e524aebf9aa6f1be0","name":"https://git.kernel.org/stable/c/ac6769c8f948dff33265c50e524aebf9aa6f1be0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a24f1d80fbcdbf8b2a7044a00fa12b3972b4c31c","name":"https://git.kernel.org/stable/c/a24f1d80fbcdbf8b2a7044a00fa12b3972b4c31c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b7493f48c3dba75674a4ee505b4afa8fe5102457","name":"https://git.kernel.org/stable/c/b7493f48c3dba75674a4ee505b4afa8fe5102457","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43351","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43351","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b3aa9283c0c505b5cfd25f7d6cfd720de2adc807 b7493f48c3dba75674a4ee505b4afa8fe5102457 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b3aa9283c0c505b5cfd25f7d6cfd720de2adc807 a24f1d80fbcdbf8b2a7044a00fa12b3972b4c31c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b3aa9283c0c505b5cfd25f7d6cfd720de2adc807 ac6769c8f948dff33265c50e524aebf9aa6f1be0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.14","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.14 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.19 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.9 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"43351","cve":"CVE-2026-43351","epss":"0.000170000","percentile":"0.041320000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["arch/arm64/kvm/vgic/vgic-init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"b7493f48c3dba75674a4ee505b4afa8fe5102457","status":"affected","version":"b3aa9283c0c505b5cfd25f7d6cfd720de2adc807","versionType":"git"},{"lessThan":"a24f1d80fbcdbf8b2a7044a00fa12b3972b4c31c","status":"affected","version":"b3aa9283c0c505b5cfd25f7d6cfd720de2adc807","versionType":"git"},{"lessThan":"ac6769c8f948dff33265c50e524aebf9aa6f1be0","status":"affected","version":"b3aa9283c0c505b5cfd25f7d6cfd720de2adc807","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["arch/arm64/kvm/vgic/vgic-init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.14"},{"lessThan":"6.14","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.19","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.9","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.19","versionStartIncluding":"6.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.9","versionStartIncluding":"6.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.14","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Eagerly init vgic dist/redist on vgic creation\n\nIf vgic_allocate_private_irqs_locked() fails for any odd reason,\nwe exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.\n\nkvm_vgic_dist_destroy() then comes along and walks into the weeds\ntrying to free the RDs. Got to love this stuff.\n\nSolve it by moving all the static initialisation early, and make\nsure that if we fail halfway, we're in a reasonable shape to\nperform the rest of the teardown. While at it, reset the vgic model\non failure, just in case..."}],"providerMetadata":{"dateUpdated":"2026-05-11T22:22:53.725Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/b7493f48c3dba75674a4ee505b4afa8fe5102457"},{"url":"https://git.kernel.org/stable/c/a24f1d80fbcdbf8b2a7044a00fa12b3972b4c31c"},{"url":"https://git.kernel.org/stable/c/ac6769c8f948dff33265c50e524aebf9aa6f1be0"}],"title":"KVM: arm64: Eagerly init vgic dist/redist on vgic creation","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43351","datePublished":"2026-05-08T14:21:08.868Z","dateReserved":"2026-05-01T14:12:56.003Z","dateUpdated":"2026-05-11T22:22:53.725Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-08 15:16:45","lastModifiedDate":"2026-05-12 14:10:27","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43351","Ordinal":"1","Title":"KVM: arm64: Eagerly init vgic dist/redist on vgic creation","CVE":"CVE-2026-43351","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43351","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Eagerly init vgic dist/redist on vgic creation\n\nIf vgic_allocate_private_irqs_locked() fails for any odd reason,\nwe exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.\n\nkvm_vgic_dist_destroy() then comes along and walks into the weeds\ntrying to free the RDs. Got to love this stuff.\n\nSolve it by moving all the static initialisation early, and make\nsure that if we fail halfway, we're in a reasonable shape to\nperform the rest of the teardown. While at it, reset the vgic model\non failure, just in case...","Type":"Description","Title":"KVM: arm64: Eagerly init vgic dist/redist on vgic creation"}]}}}