In the Linux kernel, the following vulnerability has been resolved:

fbdev: of: display_timing: fix refcount leak in of_get_display_timings()

of_parse_phandle() returns a device_node with refcount incremented,
which is stored in 'entry' and then copied to 'native_mode'. When the
error paths at lines 184 or 192 jump to 'entryfail', native_mode's
refcount is not decremented, causing a refcount leak.

Fix this by changing the goto target from 'entryfail' to 'timingfail',
which properly calls of_node_put(native_mode) before cleanup.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < 20881ad42e651c69d89eb38a2042838187900fd6
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < b5bdcc5afbff845834d04d651773cb6b47db5dd3
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < 2b22e4fe1273c24f405ed7903349c4bbd82b6368
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < 3ed019654234edb8625c05d05e15d40f74e64f70
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < d6f34bbff07476c6abb8672c89d217824871c5ed
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < 69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < c5734f9030a8b1e13868d1641b5163d8e659306e
cc3f414cf2e404130584b63d373161ba6fd24bc2 affected < eacf9840ae1285a1ef47eb0ce16d786e542bd4d7
Linux Linux affected
Version Status Constraints
3.9 affected
0 unaffected < 3.9
5.10.252 unaffected ≤ 5.10.*
5.15.202 unaffected ≤ 5.15.*
6.1.165 unaffected ≤ 6.1.*
6.6.128 unaffected ≤ 6.6.*
6.12.75 unaffected ≤ 6.12.*
6.18.16 unaffected ≤ 6.18.*
6.19.6 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/20881ad42e651c69d89eb38a2042838187900fd6 cve-icon cve-icon
https://git.kernel.org/stable/c/2b22e4fe1273c24f405ed7903349c4bbd82b6368 cve-icon cve-icon
https://git.kernel.org/stable/c/3ed019654234edb8625c05d05e15d40f74e64f70 cve-icon cve-icon
https://git.kernel.org/stable/c/69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64 cve-icon cve-icon
https://git.kernel.org/stable/c/b5bdcc5afbff845834d04d651773cb6b47db5dd3 cve-icon cve-icon
https://git.kernel.org/stable/c/c5734f9030a8b1e13868d1641b5163d8e659306e cve-icon cve-icon
https://git.kernel.org/stable/c/d6f34bbff07476c6abb8672c89d217824871c5ed cve-icon cve-icon
https://git.kernel.org/stable/c/eacf9840ae1285a1ef47eb0ce16d786e542bd4d7 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050608-CVE-2026-43264-7177@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-43264 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-43264 cve-icon
History

Thu, 07 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Thu, 07 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 06 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_mode) before cleanup.
Title fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:50.867Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43264

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:47.373

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43264

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43264 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T17:45:34Z

Weaknesses