Home

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping has been closed. If the fb_info and the contained deferred I/O meanwhile goes away, clear struct fb_deferred_io_state.info to invalidate the mapping. Any access will then result in a SIGBUS signal. Fixes a long-standing problem, where a device hot-unplug happens while user space still has an active mapping of the graphics memory. The hot- unplug frees the instance of struct fb_info. Accessing the memory will operate on undefined state.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-30 | Assigner Linux




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

60b59beafba875aef6d378078bce0baf2287ae14 (git) before 2a40f8bc9bb713329f1c35ffc199ee961a7135b0
affected

60b59beafba875aef6d378078bce0baf2287ae14 (git) before 2b53d3a52e8e5403a4f4fb57ac6cad3fd2cb1066
affected

60b59beafba875aef6d378078bce0baf2287ae14 (git) before 25c2b77bc463f29ee71a54b883548baf9386a0db
affected

60b59beafba875aef6d378078bce0baf2287ae14 (git) before a0aafb421dd15e935d81543152617f2742cefa70
affected

60b59beafba875aef6d378078bce0baf2287ae14 (git) before 9ded47ad003f09a94b6a710b5c47f4aa5ceb7429
affected

Default status
affected

2.6.22
affected

Any version before 2.6.22
unaffected

6.6.140 (semver)
unaffected

6.12.88 (semver)
unaffected

6.18.30 (semver)
unaffected

7.0.4 (semver)
unaffected

7.1-rc1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/2a40f8bc9bb713329f1c35ffc199ee961a7135b0

git.kernel.org/...c/2b53d3a52e8e5403a4f4fb57ac6cad3fd2cb1066

git.kernel.org/...c/25c2b77bc463f29ee71a54b883548baf9386a0db

git.kernel.org/...c/a0aafb421dd15e935d81543152617f2742cefa70

git.kernel.org/...c/9ded47ad003f09a94b6a710b5c47f4aa5ceb7429

cve.org (CVE-2026-46065)

nvd.nist.gov (CVE-2026-46065)

Download JSON