Use-After-Free Vulnerability in Linux Kernel's caif_serial Component
CVE-2026-43458
What is CVE-2026-43458?
A vulnerability has been found in the Linux kernel's caif_serial component, where improper handling of tty->link references can lead to a use-after-free condition. The issue manifests during execution of the tty_write_room() function, which can end up accessing memory that has already been released. The fix holds an additional reference on tty->link for as long as the caif_serial line discipline exists, so the memory stays valid whenever it is accessed and the use-after-free is prevented. Users are advised to update their systems to apply this security fix.
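The reference-holding pattern described above, as a user-space model added here for illustration; it is not the kernel patch. All struct and function names are hypothetical, and a `freed` flag stands in for real deallocation so the outcome can be observed safely.

```c
#include <stdio.h>
/* User-space model only: names are hypothetical, not the kernel's code. */
struct model_tty {
    int refs;                 /* reference count */
    int freed;                /* set instead of free() so the outcome is observable */
    int room;                 /* value a write_room query would report */
    struct model_tty *link;   /* peer end, standing in for tty->link */
};
struct model_ldisc { struct model_tty *tty, *held_link; };
static struct model_tty *model_get(struct model_tty *t) { if (t) t->refs++; return t; }
static void model_put(struct model_tty *t) { if (t && --t->refs == 0) t->freed = 1; }

/* hold_link = 0 models the old behaviour, 1 models the fix. */
static void model_ldisc_open(struct model_ldisc *ld, struct model_tty *tty, int hold_link)
{
    ld->tty = model_get(tty);
    ld->held_link = hold_link ? model_get(tty->link) : NULL;
}

static void model_ldisc_close(struct model_ldisc *ld)
{
    model_put(ld->held_link);   /* extra reference lives exactly as long as the ldisc */
    model_put(ld->tty);
}

/* Returns the peer's room, or -1 where real code would have read freed memory. */
static int model_write_room(const struct model_ldisc *ld)
{
    const struct model_tty *peer = ld->tty->link;
    return peer->freed ? -1 : peer->room;
}

/* The peer's other owner drops its reference while the ldisc is still attached. */
int scenario(int hold_link)
{
    struct model_tty a = { 1, 0, 0, NULL }, b = { 1, 0, 4096, NULL };
    struct model_ldisc ld;
    a.link = &b; b.link = &a;
    model_ldisc_open(&ld, &a, hold_link);
    model_put(&b);
    int room = model_write_room(&ld);
    model_ldisc_close(&ld);
    return room;
}

int main(void)
{
    return printf("no extra ref: %d, extra ref: %d\n", scenario(0), scenario(1)) < 0;
}
```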
Affected Version(s)
Linux e31d5a05948e4478ba8396063d1e1f39880928e2 < 23a3ac2e2262a291498567418227b99e1f3606b1
Linux e31d5a05948e4478ba8396063d1e1f39880928e2 < 52135420e9f75853ea0c6cea7b736e3e98495f7d
Linux e31d5a05948e4478ba8396063d1e1f39880928e2