CVE-2026-43272
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix possible dereference of uninitialized pointer
There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop.
To fix the issue initialize orig_head and head_page before calling rb_validate_buffer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < bc77986f3cb7476637052edf2d87137fa39f153d | affected |
| Linux | Linux | 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < d9942396845fef2369478c157b26738fe07142f6 | affected |
| Linux | Linux | 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 < f1547779402c4cd67755c33616b7203baa88420b | affected |
| Linux | Linux | 6.12 | affected |
| Linux | Linux | 0 < 6.12 | unaffected |
| Linux | Linux | 6.18.16 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.6 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/bc77986f3cb7476637052edf2d87137fa39f153d
- https://git.kernel.org/stable/c/d9942396845fef2369478c157b26738fe07142f6
- https://git.kernel.org/stable/c/f1547779402c4cd67755c33616b7203baa88420b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.