ACK: [SRU][N][PATCH 0/1] CVE-2026-43197
Jian Hui Lee
jianhui.lee at canonical.com
Fri Jul 3 06:40:41 UTC 2026
Acked-by: Jian Hui Lee <jianhui.lee at canonical.com>
On Wed, Jun 24, 2026 at 4:38 PM Cengiz Can via kernel-team
<kernel-team at lists.ubuntu.com> wrote:
>
> https://ubuntu.com/security/CVE-2026-43197
>
> [ Impact ]
>
> The msg buffer passed to netconsole from the console subsystem is not
> guaranteed to be nul-terminated. After the conversion to the NBCON console
> infrastructure, the message is placed in a dynamically allocated per-console
> buffer rather than a static global buffer, exposing an out-of-bounds read when
> netconsole_write() processes the message via vsnprintf(). An attacker or normal
> console activity can trigger a slab-out-of-bounds read past the allocated
> region, leading to information disclosure or a kernel crash.
>
> [ Fix ]
>
> noble: backported with AI-assisted adaptation
>
> [ Test Plan ]
>
> Boot tested.
>
> [ Where Problems Could Occur ]
>
> If the fix is incorrect, the netconsole subsystem could truncate or mangle log
> messages sent over the network, or fail to properly bound the message length,
> potentially regressing remote kernel logging for users who rely on netconsole.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list