PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43458 Linux CVE debrief

CVE-2026-43458 is a Linux kernel use-after-free in the CAIF serial line discipline. Because nothing holds a reference on tty->link for the lifetime of the line discipline, the TX path can reach tty_write_room() after the linked tty has been freed; pty_write_room() then dereferences tty->link->port and triggers a slab-use-after-free. The published fix adds reference management in ldisc_open() and ser_release(), including cleanup on the ldisc_open() error path.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distribution security teams, embedded/system integrators, and operators running kernels that include CAIF/serial line discipline support. Because the issue is local and requires low privileges, it is especially relevant on multi-user systems and environments where untrusted users can reach the affected subsystem.

Technical summary

According to the NVD record, the flaw is a CWE-416 use-after-free in the Linux kernel with CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerable path is the CAIF serial TX path calling tty_write_room(); if tty->link has already been freed, pty_write_room() dereferences tty->link->port and triggers a slab-use-after-free. The fix holds an extra kref on tty->link for the lifetime of the line discipline: the reference is taken in ldisc_open() and dropped in ser_release(), and it is also released on the ldisc_open() error path so a failed open does not leak it. NVD lists affected linux_kernel CPE ranges spanning multiple supported branches.

Defensive priority

High. This is a locally exploitable kernel memory-safety bug with high confidentiality, integrity, and availability impact in CVSS, so supported kernels should be patched or backported promptly.

Recommended defensive actions

  • Apply the upstream/stable kernel fix referenced in the patch links and verify the change is present in your vendor tree.
  • Check whether any supported or long-term kernel branches in your environment fall within the affected CPE ranges listed by NVD.
  • If you maintain downstream or custom kernels, confirm the CAIF serial line discipline backport includes the tty->link reference-counting change in both success and error paths.
  • Prioritize systems where untrusted or semi-trusted local users can interact with the affected kernel subsystem.
  • After patching, validate with normal regression testing for tty/serial and CAIF functionality in your environment.
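The lifetime problem described in the technical summary, and the success-path/error-path check called for in the backport bullet above, as an added user-space model. This is constructed code, not the kernel's source or the published patch: ldisc_open, ser_release and write_room are model stand-ins named after the functions the advisory mentions, and hold_link and fail_setup are parameters of the model only (hold_link=false is the unfixed behaviour, hold_link=true the fixed one).

```c
#include <stdbool.h>
/* Constructed model, not kernel code: the last put marks the tty dead instead
 * of freeing it, so a stale access is detected rather than undefined behaviour. */
struct tty {
    int refcount;        /* stands in for the tty's kref */
    bool live;           /* false once the last reference is dropped */
    struct tty *link;    /* the pty peer, as in tty->link */
    int port_ready;      /* stands in for the tty->link->port state TX reads */
};
static void tty_get(struct tty *t) { t->refcount++; }
static void tty_put(struct tty *t) { if (--t->refcount == 0) t->live = false; }

/* ldisc_open: with hold_link (the fix) the open pins the peer with a reference;
 * fail_setup simulates a later setup error, where the fix drops it again. */
static int ldisc_open(struct tty *t, bool hold_link, bool fail_setup)
{
    if (hold_link)
        tty_get(t->link);
    if (fail_setup) {                 /* error path: undo the hold, no leak */
        if (hold_link)
            tty_put(t->link);
        return -1;
    }
    return 0;
}

/* ser_release: drops the reference ldisc_open took, ending the ldisc's hold. */
static void ser_release(struct tty *t, bool hold_link) { if (hold_link) tty_put(t->link); }

/* TX path reading tty->link->port: touching a dead link is the kernel's slab
 * use-after-free; the model returns -1 instead. */
static int write_room(struct tty *t) { return t->link->live ? (t->link->port_ready ? 4096 : 0) : -1; }

/* Sequence from the advisory: ldisc opened, the peer side drops its own last
 * reference, then TX asks for room. 4096: the peer survived; -1: it did not. */
static int tx_after_peer_close(bool hold_link)
{
    struct tty peer = { 1, true, 0, 1 }, t = { 1, true, &peer, 1 };
    ldisc_open(&t, hold_link, false);
    tty_put(&peer);                   /* peer's own last reference goes away */
    int room = write_room(&t);
    ser_release(&t, hold_link);
    return room;
}

/* Error path: a failed open must leave the peer's refcount where it started. */
static int peer_refcount_after_failed_open(void)
{
    struct tty peer = { 1, true, 0, 1 }, t = { 1, true, &peer, 1 };
    ldisc_open(&t, true, true);
    return peer.refcount;
}
```

When reviewing a backport, the two properties this model checks are the ones to confirm in the real diff: the reference taken in ldisc_open() is dropped in ser_release(), and it is also dropped on every ldisc_open() failure return.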

Evidence notes

This debrief is based only on the supplied NVD record and its metadata. The source describes the bug, fix strategy, CVSS 7.8 HIGH rating, CWE-416 classification, and affected Linux kernel version ranges. Timing uses the CVE publishedAt and modifiedAt timestamps supplied in the corpus: published 2026-05-08T15:16:58.630Z and modified 2026-05-21T16:47:42.210Z.

Official resources

Publicly disclosed in the CVE/NVD record on 2026-05-08 and last modified on 2026-05-21. The source corpus includes multiple official kernel patch references for remediation; no KEV entry was provided.