CVE-2026-43272

Summary

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix possible dereference of uninitialized pointer

There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop.

To fix the issue initialize orig_head and head_page before calling rb_validate_buffer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < bc77986f3cb7476637052edf2d87137fa39f153daffected
LinuxLinux5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < d9942396845fef2369478c157b26738fe07142f6affected
LinuxLinux5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < f1547779402c4cd67755c33616b7203baa88420baffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References