CVE-2026-43149
Description
In the Linux kernel, the following vulnerability has been resolved:
net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
The priv->rx_buffer and priv->tx_buffer are alloc'd together as contiguous buffers in uhdlc_init() but freed as two buffers in uhdlc_memclean().
Change the cleanup to only call dma_free_coherent() once on the whole buffer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's fsl_ucc_hdlc driver, a DMA memory cleanup bug frees a contiguous buffer as two separate allocations, risking memory corruption.
Vulnerability
The fsl_ucc_hdlc driver in the Linux kernel has a memory management error in its cleanup function, uhdlc_memclean(). The driver allocates priv->rx_buffer and priv->tx_buffer as a single contiguous DMA region in uhdlc_init(), but the cleanup code calls dma_free_coherent() twice, treating them as separate allocations [1]. This mismatch can lead to double-free or use-after-free conditions.
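The allocate-once, free-twice mismatch described above, reduced to a userspace C model (an added example, not the driver's code or the upstream patch). The sizes, `model_alloc()`, `model_free()` and `struct priv_model` are assumptions made for illustration; the model allocator rejects any free whose pointer and size do not match the original allocation.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed sizes for this model, not the driver's ring constants. */
enum { RX_BYTES = 4096, TX_BYTES = 4096 };

/* Stand-in allocator that records its one live (base, size) region. */
static unsigned char *live_base;
static size_t live_size;

static void *model_alloc(size_t size)
{
    live_base = malloc(size);
    live_size = live_base ? size : 0;
    return live_base;
}

/* 0 on an exact match (memory released), -1 on a mismatched free. */
static int model_free(size_t size, void *ptr)
{
    if (!ptr || ptr != live_base || size != live_size)
        return -1;
    free(live_base);
    live_base = NULL; live_size = 0;
    return 0;
}

struct priv_model { unsigned char *rx_buffer, *tx_buffer; };

/* As in the description: one allocation, tx carved out right after rx. */
int model_init(struct priv_model *p)
{
    p->rx_buffer = model_alloc(RX_BYTES + TX_BYTES);
    p->tx_buffer = p->rx_buffer ? p->rx_buffer + RX_BYTES : NULL;
    return p->rx_buffer ? 0 : -1;
}

/* Pre-fix shape: two frees for one allocation; returns rejected frees. */
int cleanup_split(struct priv_model *p)
{
    return (model_free(RX_BYTES, p->rx_buffer) != 0)   /* wrong size */
         + (model_free(TX_BYTES, p->tx_buffer) != 0);  /* interior pointer */
}

/* Fixed shape: one free over the whole region; returns rejected frees. */
int cleanup_whole(struct priv_model *p)
{
    return model_free(RX_BYTES + TX_BYTES, p->rx_buffer) != 0;
}
```

On a kernel built with CONFIG_DMA_API_DEBUG, the DMA API performs a comparable consistency check on frees and logs a warning when a driver's free does not match its allocation.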
Exploitation
An attacker would need local access to the system and the ability to trigger the cleanup path, for example by unloading the ucc_hdlc module or through device removal. No special privileges beyond local user access are required, as the bug is in kernel code reachable from user space via module operations. The attack surface is limited to systems using the Freescale QUICC Engine UCC HDLC driver.
Impact
Successful exploitation could cause memory corruption, leading to a system crash (denial of service) or potentially arbitrary code execution in kernel context. The CVSS v3 score of 5.5 (Medium) reflects the need for local access and the possibility of high impact on availability and integrity.
Mitigation
The fix has been applied to the Linux kernel stable tree [1][2][3][4]. Users should update to a kernel version containing the commit that corrects the dma_free_coherent() call to free the entire buffer once. No workaround is available; updating the kernel is the recommended action.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (8)
- git.kernel.org/stable/c/011ae5dd84dc9f05eb9b8e1adff44252ac776e7b (nvd, Patch)
- git.kernel.org/stable/c/0f85a9655445e67bb0238cfc983d7c383b54938e (nvd, Patch)
- git.kernel.org/stable/c/36bd7d5deef936c4e1e3cd341598140e5c14c1d3 (nvd, Patch)
- git.kernel.org/stable/c/6496fb830cbb741d831225cc4e7e5601c6e42970 (nvd, Patch)
- git.kernel.org/stable/c/84b932bc9899d43e5829e6cf088b72d73a922b2b (nvd, Patch)
- git.kernel.org/stable/c/ba8d8429e5d6c36f9a654d2b96b9e043c43d92b4 (nvd, Patch)
- git.kernel.org/stable/c/d68994e37ac3b285692559776e0279a88a3b5f8d (nvd, Patch)
- git.kernel.org/stable/c/d8a522085d09b30aba1016daf1dddac37c0f0285 (nvd, Patch)