CVE-2026-43264 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_

CVE

CVE-2026-43264

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_mode) before cleanup.

MEDIUM · CVSS 5.5 EPSS 0.00013

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

7

linux kernel>= 3.9 and < 5.10.252
linux kernel>= 5.11 and < 5.15.202
linux kernel>= 5.16 and < 6.1.165
linux kernel>= 6.2 and < 6.6.128
linux kernel>= 6.7 and < 6.12.75
linux kernel>= 6.13 and < 6.18.16
linux kernel>= 6.19 and < 6.19.6

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD06 May 2026 · 12:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/20881ad42e651c69d89eb38a2042838187900fd6Patch

https://git.kernel.org/stable/c/2b22e4fe1273c24f405ed7903349c4bbd82b6368Patch

https://git.kernel.org/stable/c/3ed019654234edb8625c05d05e15d40f74e64f70Patch

https://git.kernel.org/stable/c/69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64Patch

https://git.kernel.org/stable/c/b5bdcc5afbff845834d04d651773cb6b47db5dd3Patch

https://git.kernel.org/stable/c/c5734f9030a8b1e13868d1641b5163d8e659306ePatch

Show all 8 references

https://git.kernel.org/stable/c/d6f34bbff07476c6abb8672c89d217824871c5edPatch

https://git.kernel.org/stable/c/eacf9840ae1285a1ef47eb0ce16d786e542bd4d7Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin