HOMEVULNERABILITIESCVE-2026-43486
NONE

CVE-2026-43486

Published: May 13, 2026· Updated: May 13, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults

contpte_ptep_set_access_flags() compared the gathered ptep_get() value

against the requested entry to detect no-ops. ptep_get() ORs AF/dirty

from all sub-PTEs in the CONT block, so a dirty sibling can make the

target appear already-dirty. When the gathered value matches entry, the

function returns 0 even though the target sub-PTE still has PTE_RDONLY

set in hardware.

For a CPU with FEAT_HAFDBS this gathered view is fine, since hardware may

set AF/dirty on any sub-PTE and CPU TLB behavior is effectively gathered

across the CONT range. But page-table walkers that evaluate each

descriptor individually (e.g. a CPU without DBM support, or an SMMU

without HTTU, or with HA/HD disabled in CD.TCR) can keep faulting on the

unchanged target sub-PTE, causing an infinite fault loop.

Gathering can therefore cause false no-ops when only a sibling has been

updated:

- write faults: target still has PTE_RDONLY (needs PTE_RDONLY cleared)

- read faults: target still lacks PTE_AF

Fix by checking each sub-PTE against the requested AF/dirty/write state

(the same bits consumed by __ptep_set_access_flags()), using raw

per-PTE values rather than the gathered ptep_get() view, before

returning no-op. Keep using the raw target PTE for the write-bit unfold

decision.

Per Arm ARM (DDI 0487) D8.7.1 ("The Contiguous bit"), any sub-PTE in a CONT

range may become the effective cached translation and software must

maintain consistent attributes across the range.

NVD Source

Technical Analysis

CVE-2026-43486 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-43486
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 13, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43486 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.