Linux Kernel: Refcount Leak in fbdev display_timing API
CVE-2026-43264 Published on May 6, 2026
fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
In the Linux kernel, the following vulnerability has been resolved:
fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
of_parse_phandle() returns a device_node with refcount incremented,
which is stored in 'entry' and then copied to 'native_mode'. When the
error paths at lines 184 or 192 jump to 'entryfail', native_mode's
refcount is not decremented, causing a refcount leak.
Fix this by changing the goto target from 'entryfail' to 'timingfail',
which properly calls of_node_put(native_mode) before cleanup.
Products Associated with CVE-2026-43264
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below 20881ad42e651c69d89eb38a2042838187900fd6 is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below b5bdcc5afbff845834d04d651773cb6b47db5dd3 is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below 2b22e4fe1273c24f405ed7903349c4bbd82b6368 is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below 3ed019654234edb8625c05d05e15d40f74e64f70 is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below d6f34bbff07476c6abb8672c89d217824871c5ed is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below 69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64 is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below c5734f9030a8b1e13868d1641b5163d8e659306e is affected.
- Version cc3f414cf2e404130584b63d373161ba6fd24bc2 and below eacf9840ae1285a1ef47eb0ce16d786e542bd4d7 is affected.
- Version 3.9 is affected.
- Before 3.9 is unaffected.
- Version 5.10.252, <= 5.10.* is unaffected.
- Version 5.15.202, <= 5.15.* is unaffected.
- Version 6.1.165, <= 6.1.* is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.