CVE-2026-43224
Published: May 6, 2026· Updated: May 8, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix sgtable leak on mapping failures
In an unlikely case when io_populate_area_dma() fails, which could only
happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine,
io_zcrx_map_area() will have an initialised and not freed table. It was
supposed to be cleaned up in the error path, but !is_mapped prevents
that.
Technical Analysis
CVE-2026-43224 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (3)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-43224 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts