{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: kprobes: avoid crash when rmmod/insmod after ftrace killed",
    "id" : "2468209",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468209"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-253",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nkprobes: avoid crash when rmmod/insmod after ftrace killed\nAfter ftrace is killed by some errors, the kernel crashes if\nwe remove modules in which kprobe probes.\nBUG: unable to handle page fault for address: fffffbfff805000d\nPGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0\nOops: Oops: 0000 [#1] SMP KASAN PTI\nCPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G        W  OE\nTainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nRIP: 0010:kprobes_module_callback+0x89/0x790\nRSP: 0018:ffff88812e157d30 EFLAGS: 00010a02\nRAX: 1ffffffff805000d RBX: dffffc0000000000 RCX: ffffffff86a8de90\nRDX: ffffed1025c2af9b RSI: 0000000000000008 RDI: ffffffffc0280068\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1025c2af9a\nR10: ffff88812e157cd7 R11: 205d323130325420 R12: 0000000000000002\nR13: ffffffffc0290488 R14: 0000000000000002 R15: ffffffffc0280040\nFS:  00007fbc450dd740(0000) GS:ffff888420331000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff805000d CR3: 000000010f624000 CR4: 00000000000006f0\nCall Trace:\n<TASK>\nnotifier_call_chain+0xc6/0x280\nblocking_notifier_call_chain+0x60/0x90\n__do_sys_delete_module.constprop.0+0x32a/0x4e0\ndo_syscall_64+0x5d/0xfa0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThis is because the kprobe on ftrace does not correctly handle\nthe kprobe_ftrace_disabled flag set by ftrace_kill().\nTo prevent this error, check kprobe_ftrace_disabled in\n__disarm_kprobe_ftrace() and skip all ftrace related operations.", "A flaw was found in the Linux kernel's kprobes subsystem. When the ftrace tracing utility is disabled due to errors, a local user can cause a system crash by removing a kernel module that uses kprobe probes. This vulnerability arises from kprobes not correctly handling the ftrace disabled state, leading to a denial of service." ],
  "statement" : "This Moderate impact flaw in the Linux kernel's kprobes subsystem allows a local attacker to trigger a system crash, leading to a denial of service. The vulnerability occurs when the ftrace tracing utility is in an error state and a kernel module utilizing kprobe probes is subsequently removed. This specific interaction can destabilize the system.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43409\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43409\nhttps://lore.kernel.org/linux-cve-announce/2026050843-CVE-2026-43409-509d@gregkh/T" ],
  "name" : "CVE-2026-43409",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}