Use-after-free in Linux kernel - CVE-2026-43497

Published: May 22, 2026


Vulnerability identifier: #VU132120
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43497
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to read and write freed kernel memory.

The vulnerability exists due to a use-after-free in the udlfb framebuffer mmap handling when replacing the framebuffer while a userspace mapping remains active and the device is later disconnected. A local user can trigger framebuffer reallocation through FBIOPUT_VSCREENINFO and then access stale mapped pages to read and write freed kernel memory.

Exploitation requires an existing userspace mmap of the framebuffer, and the stale mapping remains usable after USB disconnect.


How to mitigate CVE-2026-43497

Install the security update from the vendor's repository.

Sources