SB2026052203 - Use-after-free in Linux kernel video
Published: May 22, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-43497)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to read and write freed kernel memory.
The vulnerability exists due to a use-after-free in the udlfb framebuffer mmap handling when replacing the framebuffer while a userspace mapping remains active and the device is later disconnected. A local user can trigger framebuffer reallocation through FBIOPUT_VSCREENINFO and then access stale mapped pages to read and write freed kernel memory.
Exploitation requires an existing userspace mmap of the framebuffer, and the stale mapping remains usable after USB disconnect.
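An added exposure check (not part of the bulletin or of the kernel patches): it lists framebuffers driven by udlfb and the processes that currently hold an mmap of them, which is the precondition named above. It assumes the driver reports the name `udlfb` in `/sys/class/graphics/fbN/name` and that mappings show up as `/dev/fbN` in `/proc/PID/maps`; the function names and the `SYSFS_ROOT`/`PROC_ROOT` overrides are illustrative.

```shell
#!/bin/sh
# Exposure check for the udlfb mmap use-after-free (added example).
# Reading other users' /proc/PID/maps requires root.

# Print fb nodes (fb0, fb1, ...) whose driver name is "udlfb" (assumed name).
# $1: sysfs root (default /sys; overridable for testing).
udlfb_nodes() {
    sysfs="${1:-/sys}"
    for d in "$sysfs"/class/graphics/fb[0-9]*; do
        [ -r "$d/name" ] || continue
        if [ "$(cat "$d/name")" = "udlfb" ]; then
            echo "${d##*/}"
        fi
    done
}

# Print "PID NODE" for every process that has /dev/NODE mapped.
# $1: proc root, remaining args: fb node names.
fb_mappers() {
    proc="$1"; shift
    for node in "$@"; do
        for maps in "$proc"/[0-9]*/maps; do
            [ -r "$maps" ] || continue
            # Anchor at end of line so fb1 does not match fb10; an unlinked
            # node may carry a " (deleted)" suffix.
            if grep -Eq " /dev/$node( \(deleted\))?\$" "$maps" 2>/dev/null; then
                pid="${maps%/maps}"
                echo "${pid##*/} $node"
            fi
        done
    done
}

exposure_report() {
    nodes=$(udlfb_nodes "${SYSFS_ROOT:-/sys}")
    if [ -z "$nodes" ]; then
        echo "no udlfb framebuffer registered"
        return 0
    fi
    # $nodes is split on whitespace on purpose: one argument per fb node.
    mappers=$(fb_mappers "${PROC_ROOT:-/proc}" $nodes)
    echo "udlfb framebuffers: $(echo $nodes)"
    if [ -n "$mappers" ]; then
        echo "processes with an active framebuffer mmap (PID NODE):"
        echo "$mappers"
    else
        echo "no process currently maps a udlfb framebuffer"
    fi
}

exposure_report
```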
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/18dd358de72d57993422cbb5dfb29ccd74efe192
- https://git.kernel.org/stable/c/4f312c30f0368e8d2a76aa650dff73f23490b5e7
- https://git.kernel.org/stable/c/8de779dc40d35d39fa07387b6f921eb11df0f511
- https://git.kernel.org/stable/c/a2c53a3822ee26e8d758071815b9ed3bf6669fc1
- https://git.kernel.org/stable/c/da9b065cedfd3b574f229d5be594e6aa47a27ae6