CVE-2026-43272

CVE-2026-43272 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix possible dereference of uninitialized pointer

There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop.

To fix the issue initialize orig_head and head_page before calling rb_validate_buffer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Risk Scores

EPSS Score: 0.01% (2.3th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.12, 6.12, 6.12 |
| Linux | Linux | 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55, 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55, 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 |

Timeline

  • May 6, 2026 CVE Published
  • May 6, 2026 Security Advisory
  • May 8, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score