A vulnerability was found in Linux Kernel up to 6.19.5 and classified as critical. The impacted element is the function kexec_load_purgatory of the file kernel/kexec_file.c. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-43289. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.
| Vendor | Product | Versions |
|---|---|---|
| linux | linux kernel | f368aed4827bd4276c0e3664fb2cb815a8d7caf3, d38e051ec6fd8650b139d9bc4b0b8b261953b263, 013027918a4efa807409fcb356009c117e4d181a, 8652d44f466ad5772e7d1756e9457046189b0dfc, 8652d44f466ad5772e7d1756e9457046189b0dfc, 8652d44f466ad5772e7d1756e9457046189b0dfc, 8652d44f466ad5772e7d1756e9457046189b0dfc, 8652d44f466ad5772e7d1756e9457046189b0dfc, 4947a0eb7d642b6048559857964966016ef3aa8b, b16bf76b382810257e3fb6278663a9d131b70197, cb1638618545182a01444b2b20a4ed6b9d2a8c8f, 6.4, 6.19.5 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | open source linux kernel | cert_advisory | 90% |
Updated description with details about CVE-2026-43289, changed severity to CRITICAL, and noted that no exploit exists.
Initial creation
