CVE-2026-43149

Source
https://cve.org/CVERecord?id=CVE-2026-43149
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43149.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43149
Downstream
Published
2026-05-06T11:27:31.708Z
Modified
2026-06-18T03:55:13.448024967Z
Summary
net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: wan/fslucchdlc: Fix dmafreecoherent() in uhdlc_memclean()

The priv->rxbuffer and priv->txbuffer are alloc'd together as contiguous buffers in uhdlcinit() but freed as two buffers in uhdlcmemclean().

Change the cleanup to only call dmafreecoherent() once on the whole buffer.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43149.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c19b6d246a35627c3a69b2fa6bdece212b48214b
Fixed
6496fb830cbb741d831225cc4e7e5601c6e42970
Fixed
ba8d8429e5d6c36f9a654d2b96b9e043c43d92b4
Fixed
011ae5dd84dc9f05eb9b8e1adff44252ac776e7b
Fixed
0f85a9655445e67bb0238cfc983d7c383b54938e
Fixed
84b932bc9899d43e5829e6cf088b72d73a922b2b
Fixed
d8a522085d09b30aba1016daf1dddac37c0f0285
Fixed
d68994e37ac3b285692559776e0279a88a3b5f8d
Fixed
36bd7d5deef936c4e1e3cd341598140e5c14c1d3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43149.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43149.json"