CVE-2026-43264

MEDIUM EPSS 1.8%
Published May 6, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_mode) before cleanup.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥3.9  –  <5.10.252
linuxlinux_kernel*≥5.11  –  <5.15.202
linuxlinux_kernel*≥5.16  –  <6.1.165
linuxlinux_kernel*≥6.2  –  <6.6.128
linuxlinux_kernel*≥6.7  –  <6.12.75
linuxlinux_kernel*≥6.13  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6

References 8

  • git.kernel.org https://git.kernel.org/stable/c/20881ad42e651c69d89eb38a2042838187900fd6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b22e4fe1273c24f405ed7903349c4bbd82b6368
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ed019654234edb8625c05d05e15d40f74e64f70
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5bdcc5afbff845834d04d651773cb6b47db5dd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5734f9030a8b1e13868d1641b5163d8e659306e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6f34bbff07476c6abb8672c89d217824871c5ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eacf9840ae1285a1ef47eb0ce16d786e542bd4d7
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/20881ad42e651c69d89eb38a2042838187900fd6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b22e4fe1273c24f405ed7903349c4bbd82b6368
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ed019654234edb8625c05d05e15d40f74e64f70
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5bdcc5afbff845834d04d651773cb6b47db5dd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5734f9030a8b1e13868d1641b5163d8e659306e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6f34bbff07476c6abb8672c89d217824871c5ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eacf9840ae1285a1ef47eb0ce16d786e542bd4d7
    Patch