CVE-2026-43295
rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
Description
In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer.
INFO
Published Date :
May 8, 2026, 2:16 p.m.
Last Modified :
May 8, 2026, 2:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Use kfree() for memory release.
- Set pointers to NULL after freeing memory.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-43295.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-43295 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-43295
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-43295 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-43295 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 08, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer. Added Reference https://git.kernel.org/stable/c/34a4f233df5eef5f1f113b2196142c0568b387f8 Added Reference https://git.kernel.org/stable/c/649c2e853608cad0b0cba545555d168e67f094b3 Added Reference https://git.kernel.org/stable/c/666183dcdd9ad3b8156a1df7f204f728f720380f Added Reference https://git.kernel.org/stable/c/78812c4fb7ed242d5961bf1337a49070d6487c94 Added Reference https://git.kernel.org/stable/c/83e579c2f7f6b1706323d744833b26470049dcc2 Added Reference https://git.kernel.org/stable/c/87272e3e70ec4b666885bd520ff77463c11444ef Added Reference https://git.kernel.org/stable/c/e5a732bfe29451e16abf9c6f07ce5948b22f3d59 Added Reference https://git.kernel.org/stable/c/fecf292c6691970897396190855aa38826b7104e