CVE-2026-43149
Memory Leak in Linux Kernel FSL UCC HDLC Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability concerns how the Linux kernel's fsl_ucc_hdlc WAN driver (net: wan/fsl_ucc_hdlc) handles its memory buffers. The rx_buffer and tx_buffer are allocated together as one contiguous buffer in the uhdlc_init() function but are incorrectly freed as two separate buffers in the uhdlc_memclean() function. This mismatch between allocation and deallocation was fixed by changing the cleanup path to call dma_free_coherent() only once, on the entire buffer.
How can this vulnerability impact me?
This vulnerability involves improper freeing of DMA coherent memory buffers in the Linux kernel's uhdlc driver. Because the rx_buffer and tx_buffer are allocated as one contiguous buffer but freed separately, it could lead to memory management issues such as memory leaks or corruption.
The impact could include system instability, potential crashes, or unexpected behavior in network communication handled by the affected driver.
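The allocate-once, free-twice mismatch described in the answers above, as an added userspace C model (not the driver's code and not taken from the kernel patch): a tracking allocator rejects any free whose size and address do not match the original allocation, which is the contract dma_free_coherent() documents. The buffer sizes and the names `model_alloc`, `model_free` and `run_case` are hypothetical, the per-buffer sizes passed in the split path are an assumption, and the model shows the contract violation rather than what a particular DMA backend does with it.

```c
/* Userspace model, not kernel code: malloc() stands in for the DMA allocator. */
#include <stdio.h>
#include <stdlib.h>
#define RX_LEN 4096u /* constructed size, not taken from the driver */
#define TX_LEN 4096u /* constructed size, not taken from the driver */

static struct { unsigned char *base; size_t size; } live; /* the one tracked region */
static int bad_frees;
static void *model_alloc(size_t size) {
    live.base = malloc(size);
    live.size = live.base ? size : 0;
    return live.base;
}

/* Like dma_free_coherent(): size and address must match the allocation. */
static void model_free(size_t size, void *addr) {
    if (!addr || addr != live.base || size != live.size) {
        bad_frees++; /* wrong size or interior pointer: region stays live */
        return;
    }
    free(live.base);
    live.base = NULL; live.size = 0;
}

/* Returns rejected frees; *leaked is the bytes still allocated after cleanup. */
static int run_case(int single_free, size_t *leaked) {
    unsigned char *rx_buffer = model_alloc(RX_LEN + TX_LEN); /* one allocation */
    if (!rx_buffer) return -1;
    unsigned char *tx_buffer = rx_buffer + RX_LEN; /* second half of same region */
    bad_frees = 0;
    if (single_free) {
        model_free(RX_LEN + TX_LEN, rx_buffer); /* whole region, once */
    } else {
        model_free(RX_LEN, rx_buffer); /* right address, wrong size */
        model_free(TX_LEN, tx_buffer); /* interior pointer, never allocated */
    }
    *leaked = live.size;
    free(live.base); /* harness cleanup so the model itself does not leak */
    live.base = NULL; live.size = 0;
    return bad_frees;
}

int main(void) {
    size_t leaked = 0;
    int bad = run_case(0, &leaked);
    printf("split free:  %d rejected, %zu bytes live\n", bad, leaked);
    bad = run_case(1, &leaked);
    printf("single free: %d rejected, %zu bytes live\n", bad, leaked);
    return 0;
}
```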
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by correcting the dma_free_coherent() call in the Linux kernel's fsl_ucc_hdlc WAN driver (net: wan/fsl_ucc_hdlc). To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
- Apply the latest Linux kernel updates or patches that address the dma_free_coherent() fix in uhdlc_memclean().
- Avoid using vulnerable kernel versions until patched.