CVE-2026-43272 PUBLISHED

ring-buffer: Fix possible dereference of uninitialized pointer

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix possible dereference of uninitialized pointer

There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop.

To fix the issue initialize orig_head and head_page before calling rb_validate_buffer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 to bc77986f3cb7476637052edf2d87137fa39f153d (excl.)
  • affected from 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 to d9942396845fef2369478c157b26738fe07142f6 (excl.)
  • affected from 5f3b6e839f3ceb8d6ef02231ba9b5aca71b8bf55 to f1547779402c4cd67755c33616b7203baa88420b (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.12 is affected
  • unaffected from 0 to 6.12 (excl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References