Double free in Linux kernel - CVE-2026-43149
Published: May 7, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in uhdlc_memclean() in the wan/fsl_ucc_hdlc component when cleaning up DMA-coherent buffers. A local user can trigger the cleanup of a crafted allocation state to cause a denial of service.
The issue arises because receive and transmit buffers are allocated together as a contiguous buffer but are freed as two separate buffers.
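The allocation and cleanup mismatch described above can be reproduced safely in user space. The following is an added illustration, not code from the kernel or from the fix commits: the allocator is a mock that only counts mismatched frees, and every name and size in it (`mock_alloc`, `mock_free`, `struct chan`, `RX_LEN`, `TX_LEN`) is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
enum { RX_LEN = 4096, TX_LEN = 4096 }; /* constructed sizes, not the driver's */
static void *live_base;  /* base of the one live mock allocation */
static size_t live_size;
static int bad_frees;    /* frees that match no live allocation */

static void *mock_alloc(size_t size) {
    live_base = malloc(size);
    live_size = live_base ? size : 0;
    return live_base;
}

/* Like a coherent-DMA free, this expects the original base and size. */
static void mock_free(size_t size, void *p) {
    if (p != live_base || size != live_size) bad_frees++;
    if (p != live_base) return; /* interior or stale pointer: nothing to release */
    free(live_base);
    live_base = NULL; live_size = 0;
}

struct chan { unsigned char *rx, *tx; };
static int chan_init(struct chan *c) {
    c->rx = mock_alloc(RX_LEN + TX_LEN);   /* one contiguous buffer */
    c->tx = c->rx ? c->rx + RX_LEN : NULL; /* tx is only an interior pointer */
    return c->rx ? 0 : -1;
}

static int cleanup_split(struct chan *c) { /* mismatch: freed as two buffers */
    bad_frees = 0;
    mock_free(RX_LEN, c->rx); /* right base, wrong size */
    mock_free(TX_LEN, c->tx); /* never a separate allocation */
    c->rx = c->tx = NULL;
    return bad_frees;
}

static int cleanup_joined(struct chan *c) { /* one free, base and full size */
    bad_frees = 0;
    mock_free(RX_LEN + TX_LEN, c->rx);
    c->rx = c->tx = NULL;
    return bad_frees;
}

int main(void) {
    struct chan c;
    if (chan_init(&c) == 0) printf("split:  %d bad frees\n", cleanup_split(&c));
    if (chan_init(&c) == 0) printf("joined: %d bad frees\n", cleanup_joined(&c));
    return 0;
}
```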
How to mitigate CVE-2026-43149
Sources
- https://git.kernel.org/stable/c/011ae5dd84dc9f05eb9b8e1adff44252ac776e7b
- https://git.kernel.org/stable/c/0f85a9655445e67bb0238cfc983d7c383b54938e
- https://git.kernel.org/stable/c/36bd7d5deef936c4e1e3cd341598140e5c14c1d3
- https://git.kernel.org/stable/c/6496fb830cbb741d831225cc4e7e5601c6e42970
- https://git.kernel.org/stable/c/84b932bc9899d43e5829e6cf088b72d73a922b2b
- https://git.kernel.org/stable/c/ba8d8429e5d6c36f9a654d2b96b9e043c43d92b4
- https://git.kernel.org/stable/c/d68994e37ac3b285692559776e0279a88a3b5f8d
- https://git.kernel.org/stable/c/d8a522085d09b30aba1016daf1dddac37c0f0285