CVE-2026-43264

Summary

In the Linux kernel, the following vulnerability has been resolved:

fbdev: of: display_timing: fix refcount leak in of_get_display_timings()

of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak.

Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_mode) before cleanup.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < 20881ad42e651c69d89eb38a2042838187900fd6affected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < b5bdcc5afbff845834d04d651773cb6b47db5dd3affected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < 2b22e4fe1273c24f405ed7903349c4bbd82b6368affected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < 3ed019654234edb8625c05d05e15d40f74e64f70affected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < d6f34bbff07476c6abb8672c89d217824871c5edaffected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < 69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64affected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < c5734f9030a8b1e13868d1641b5163d8e659306eaffected
LinuxLinuxcc3f414cf2e404130584b63d373161ba6fd24bc2 < eacf9840ae1285a1ef47eb0ce16d786e542bd4d7affected
LinuxLinux3.9affected
LinuxLinux0 < 3.9unaffected
LinuxLinux5.10.252 <= 5.10.*unaffected
LinuxLinux5.15.202 <= 5.15.*unaffected
LinuxLinux6.1.165 <= 6.1.*unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References