CVE-2026-43396

MEDIUM EPSS 2.2%
Published May 8, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.18.1  –  <6.18.20
linuxlinux_kernel*≥6.19  –  <6.19.9
linuxlinux_kernel6.18any
linuxlinux_kernel6.18any
linuxlinux_kernel6.18any
linuxlinux_kernel6.18any
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7
    Patch