Vulnerabilities ›

CVE-2026-43272

Medium

CWE-476 — Weakness Type

                    Published: May 6, 2026                      ·  Modified: May 9, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix possible dereference of uninitialized pointer

There is a pointer head_page in rb_meta_validate_events() which is not
initialized at the beginning of a function. This pointer can be dereferenced
if there is a failure during reader page validation. In this case the control
is passed to "invalid" label where the pointer is dereferenced in a loop.

To fix the issue initialize orig_head and head_page before calling
rb_validate_buffer.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

🤖 AI Executive Summary

A Linux kernel ring-buffer vulnerability allows potential dereference of an uninitialized pointer in rb_meta_validate_events() function when reader page validation fails. This could lead to kernel crashes or undefined behavior on affected systems.

📄 Description (Arabic)

تحتوي نواة لينكس على ثغرة في وحدة ring-buffer حيث لا يتم تهيئة مؤشر head_page في بداية الدالة rb_meta_validate_events(). قد يؤدي فشل التحقق من صفحة القارئ إلى إلغاء تهيئة المؤشر وإلحاق الضرر بسلامة النظام.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 06:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom energy healthcare

🎯 MITRE ATT&CK Techniques

T1499.004 T1561.002

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update Linux kernel to the latest patched version that initializes orig_head and head_page pointers before calling rb_validate_buffer function. Apply security patches from your Linux distribution vendor immediately.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة لينكس إلى أحدث إصدار معدل يهيئ المؤشرات orig_head و head_page قبل استدعاء دالة rb_validate_buffer. طبق تصحيحات الأمان من موزع توزيعة لينكس الخاص بك فوراً.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.BE-5.1 PR.PT-2.1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 3

🔗

https://git.kernel.org/stable/c/bc77986f3cb7476637052edf2d87137fa39f153d

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/d9942396845fef2369478c157b26738fe07142f6

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/f1547779402c4cd67755c33616b7203baa88420b

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 2 entries

linux:linux_kernel

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-476

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-05-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

patch-available CWE-476

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-43272

Introduce Yourself

Sign In Required