CVE-2026-43476
Published May 13, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type.
Is your site exposed to CVE-2026-43476?
Run a free security scan — no signup, results in seconds.
EPSS — Exploit Prediction
0.0001
Probability of exploitation
0.02%
Percentile rank
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
References
Other References
https://git.kernel.org/stable/c/08881d82f94deaa51800360029908863e5c4c39d
https://git.kernel.org/stable/c/165f12b40901c6a7aca15796da239726ddcdc5ad
https://git.kernel.org/stable/c/216345f98cae7fcc84f49728c67478ac00321c87
https://git.kernel.org/stable/c/2a4d111a6a34afb8bb4f118009e7728ed2ec7e10
https://git.kernel.org/stable/c/90e978ace598567e6e30de79805bddf37cf892ac
https://git.kernel.org/stable/c/9aff2e9c2927ecd9652872a43a0725f101128104
https://git.kernel.org/stable/c/dcdf1e92674efb6692f4ebe189e0aa9fde23a541
Frequently Asked Questions
What is CVE-2026-43476? +
In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead
of the intended __be32 element size (4 bytes). Use sizeof(*meas) to
correctly match the buffer element type.
How do I check if I'm vulnerable to CVE-2026-43476? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.