{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "20002ded4d937ca87aca6253b874920a96a763c4"
            },
            {
              "fixed": "98074e16742ae87fb82e234b419783c5ffc9baea"
            },
            {
              "fixed": "7e5f60b8cfc02a2b23a40a5f5fd2fa81d010e737"
            },
            {
              "fixed": "e9bbfb4bfa86c6b5515b868d6982ac60505d7e39"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.32"
            },
            {
              "fixed": "6.18.19"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43416.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc, perf: Check that current-\u003emm is alive before getting user callchain\n\nIt may happen that mm is already released, which leads to kernel panic.\nThis adds the NULL check for current-\u003emm, similarly to\ncommit 20afc60f892d (\"x86, perf: Check that current-\u003emm is alive before getting user callchain\").\n\nI was getting this panic when running a profiling BPF program\n(profile.py from bcc-tools):\n\n    [26215.051935] Kernel attempted to read user page (588) - exploit attempt? (uid: 0)\n    [26215.051950] BUG: Kernel NULL pointer dereference on read at 0x00000588\n    [26215.051952] Faulting instruction address: 0xc00000000020fac0\n    [26215.051957] Oops: Kernel access of bad area, sig: 11 [#1]\n    [...]\n    [26215.052049] Call Trace:\n    [26215.052050] [c000000061da6d30] [c00000000020fc10] perf_callchain_user_64+0x2d0/0x490 (unreliable)\n    [26215.052054] [c000000061da6dc0] [c00000000020f92c] perf_callchain_user+0x1c/0x30\n    [26215.052057] [c000000061da6de0] [c0000000005ab2a0] get_perf_callchain+0x100/0x360\n    [26215.052063] [c000000061da6e70] [c000000000573bc8] bpf_get_stackid+0x88/0xf0\n    [26215.052067] [c000000061da6ea0] [c008000000042258] bpf_prog_16d4ab9ab662f669_do_perf_event+0xf8/0x274\n    [...]\n\nIn addition, move storing the top-level stack entry to generic\nperf_callchain_user to make sure the top-evel entry is always captured,\neven if current-\u003emm is NULL.\n\n[Maddy: fixed message to avoid checkpatch format style error]",
  "id": "CVE-2026-43416",
  "modified": "2026-07-08T05:38:32.272694679Z",
  "published": "2026-05-08T14:21:52.954Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e5f60b8cfc02a2b23a40a5f5fd2fa81d010e737"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98074e16742ae87fb82e234b419783c5ffc9baea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e9bbfb4bfa86c6b5515b868d6982ac60505d7e39"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43416.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43416"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "powerpc, perf: Check that current-\u003emm is alive before getting user callchain"
}