Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 8, 2026
CVE-2026-43272
CVE-2026-43272
Description
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix possible dereference of uninitialized pointer
There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure during reader page validation. In this case the control is passed to "invalid" label where the pointer is dereferenced in a loop.
To fix the issue initialize orig_head and head_page before calling rb_validate_buffer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords5 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-vmware-6.12
< 6.12.85-r2+ 4 more
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.