VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 21, 2026

CVE-2026-43395

CVE-2026-43395

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/sync: Cleanup partially initialized sync on parse failure

xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those paths returned directly, leaving partially initialized state and leaking refs.

Route these error paths through a common free_sync label and call xe_sync_entry_cleanup(sync) before returning the error.

(cherry picked from commit f939bdd9207a5d1fc55cced5459858480686ce22)

Affected products

3
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.8,<6.12.78
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2026-43395 · Medium · VYPR