{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "f368aed4827bd4276c0e3664fb2cb815a8d7caf3"
            },
            {
              "fixed": "027797595a108726f4a0a45d225f603b0ffbd22b"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "d38e051ec6fd8650b139d9bc4b0b8b261953b263"
            },
            {
              "fixed": "1737d37ae1d2814e6cf0a1af87af3d41f0812b95"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "013027918a4efa807409fcb356009c117e4d181a"
            },
            {
              "fixed": "f736032c638a33a243e9126e617788f763d648f9"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "8652d44f466ad5772e7d1756e9457046189b0dfc"
            },
            {
              "fixed": "cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2"
            },
            {
              "fixed": "875355152b33436907c2a6d2ffad1431fa86c62b"
            },
            {
              "fixed": "36eb314184a0ae74dd42914b47d2b9fc43be8034"
            },
            {
              "fixed": "5226570bd252cea2e805a161cb0f75c204c3108a"
            },
            {
              "fixed": "480e1d5c64bb14441f79f2eb9421d5e26f91ea3d"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4947a0eb7d642b6048559857964966016ef3aa8b"
            },
            {
              "last_affected": "b16bf76b382810257e3fb6278663a9d131b70197"
            },
            {
              "last_affected": "cb1638618545182a01444b2b20a4ed6b9d2a8c8f"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "5.10.185"
            },
            {
              "fixed": "5.10.252"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "5.15.118"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.1.35"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "4.19.287"
            },
            {
              "fixed": "4.20"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "5.4.248"
            },
            {
              "fixed": "5.5"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.3.9"
            },
            {
              "fixed": "6.4"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.10.252"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.4.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.18.16"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.19.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43289.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkexec: derive purgatory entry from symbol\n\nkexec_load_purgatory() derives image-\u003estart by locating e_entry inside an\nSHF_EXECINSTR section.  If the purgatory object contains multiple\nexecutable sections with overlapping sh_addr, the entrypoint check can\nmatch more than once and trigger a WARN.\n\nDerive the entry section from the purgatory_start symbol when present and\ncompute image-\u003estart from its final placement.  Keep the existing e_entry\nfallback for purgatories that do not expose the symbol.\n\nWARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784\nCall Trace:\n \u003cTASK\u003e\n bzImage64_load+0x133/0xa00\n __do_sys_kexec_file_load+0x2b3/0x5c0\n do_syscall_64+0x81/0x610\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[me@linux.beauty: move helper to avoid forward declaration, per Baoquan]",
  "id": "CVE-2026-43289",
  "modified": "2026-07-08T05:36:43.753119886Z",
  "published": "2026-05-08T13:11:13.860Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/027797595a108726f4a0a45d225f603b0ffbd22b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1737d37ae1d2814e6cf0a1af87af3d41f0812b95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36eb314184a0ae74dd42914b47d2b9fc43be8034"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5226570bd252cea2e805a161cb0f75c204c3108a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/875355152b33436907c2a6d2ffad1431fa86c62b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cfccd3b8c51bc57a8a6fcb2fd30453afae5bc0d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f736032c638a33a243e9126e617788f763d648f9"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43289.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43289"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "kexec: derive purgatory entry from symbol"
}