CVE-2026-43272

MEDIUM

ring-buffer: Fix possible dereference of uninitialized pointer

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop. To fix the issue initialize orig_head and head_page before calling rb_validate_buffer. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/bc77986f3cb7476637052edf2d87137fa39f153d

https://git.kernel.org/stable/c/d9942396845fef2369478c157b26738fe07142f6

https://git.kernel.org/stable/c/f1547779402c4cd67755c33616b7203baa88420b

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

Linux/Linux < 6.12

Linux/Linux 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 - bc77986f3cb7476637052edf2d87137fa39f153d

Linux/Linux 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 - d9942396845fef2369478c157b26738fe07142f6

Linux/Linux 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 - f1547779402c4cd67755c33616b7203baa88420b

Linux/Linux 6.12

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.12 - 6.18.16

Published May 06, 2026

Tracked Since May 06, 2026