7.8

CVE-2026-46065

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an
instance as part of initializing deferred I/O and remove it only after
the final mapping has been closed. If the fb_info and the contained
deferred I/O meanwhile goes away, clear struct fb_deferred_io_state.info
to invalidate the mapping. Any access will then result in a SIGBUS
signal.

Fixes a long-standing problem, where a device hot-unplug happens while
user space still has an active mapping of the graphics memory. The hot-
unplug frees the instance of struct fb_info. Accessing the memory will
operate on undefined state.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.22 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.88
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.028
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/2a40f8bc9bb713329f1c35ffc199ee961a7135b0
Patch
https://git.kernel.org/stable/c/2b53d3a52e8e5403a4f4fb57ac6cad3fd2cb1066
Patch
https://git.kernel.org/stable/c/25c2b77bc463f29ee71a54b883548baf9386a0db
Patch
https://git.kernel.org/stable/c/a0aafb421dd15e935d81543152617f2742cefa70
Patch
https://git.kernel.org/stable/c/9ded47ad003f09a94b6a710b5c47f4aa5ceb7429
Patch
https://git.kernel.org/stable/c/4aab89603b637a2e441b38808c4f6fe7d1184df6
Patch
https://git.kernel.org/stable/c/4fda0d6b45faad44926dd3e4f55f118d899b2e27
Patch