CVE-2026-43433

A flaw was found in the Linux kernel's rust_binder component. If a local process gains the ability to write to its own virtual memory area (VMA), it could exploit a time-of-check to time-of-use (TOCTOU) vulnerability. This allows the process to alter the offsets array during a transaction before it is read, potentially leading to a misinterpretation of the sender's data. In the worst case, this could enable the malicious process to escalate its privileges to that of the sender.