SB2026051453 - Improper Initialization in Linux kernel mm
Published: May 14, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Initialization (CVE-ID: CVE-2026-43489)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in liveupdate luo_file handling when processing repeated LIVEUPDATE_SESSION_RETRIEVE_FD ioctl requests after a failed retrieve attempt. A local user can trigger a failed retrieve and retry the ioctl to cause a denial of service.
The issue can also affect session cleanup because finish() may act on serialization data structures that were already partially restored, freed, or left in an unexpected state.
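The state-handling pattern described above can be shown with a small user-space model. This is an added example, not kernel code and not the upstream fix; the names entry, restore, retrieve and finish in it are hypothetical, and the failing restore step is constructed for the demonstration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of one preserved-file entry; not the kernel's luo_file. */
enum retr_state { RETR_NONE, RETR_OK, RETR_FAILED };
struct entry {
    void *ser;            /* serialized state, consumed by restore() */
    enum retr_state state;
    int err;              /* sticky result of the first retrieve attempt */
    int restores;         /* times restore() touched the serialized state */
};

/* Constructed stand-in for a restore step that consumes ser even on failure. */
static int restore(struct entry *e, bool fail)
{
    e->restores++;
    free(e->ser);
    e->ser = NULL;
    return fail ? -EIO : 0;
}

/* Retrieve records its outcome once; a retry replays it, never re-restores. */
int retrieve(struct entry *e, bool fail)
{
    if (e->state != RETR_NONE)
        return e->err;
    e->err = restore(e, fail);
    e->state = e->err ? RETR_FAILED : RETR_OK;
    return e->err;
}

/* finish() releases serialized data only if no retrieve ever consumed it. */
int finish(struct entry *e)
{
    if (e->state != RETR_NONE || !e->ser)
        return 0;         /* already consumed: nothing to touch */
    free(e->ser);
    e->ser = NULL;
    return 1;             /* released untouched serialized data */
}

int main(void)
{
    struct entry e = { malloc(16), RETR_NONE, 0, 0 };
    int first = retrieve(&e, true), retry = retrieve(&e, false);
    printf("first=%d retry=%d restores=%d\n", first, retry, e.restores);
    return finish(&e);
}
```

Without the state check in retrieve(), the retry would run restore() a second time on data the first attempt had already released, and finish() would then act on the same stale pointer.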
Remediation
Install the update from the vendor's website.