[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-43497":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-15T22:50:23.791Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":25,"related":26,"reserved_at":9,"published_at":28,"modified_at":29,"state":30,"summary":31,"references_raw":40,"kevs":74,"epss":75,"epss_history":78,"metrics":154,"affected":162},"CVE-2026-43497","In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free\n\ndlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebuffer pages\nto userspace but sets no vm_ops on the VMA. This means the kernel cannot\ntrack active mmaps. When dlfb_realloc_framebuffer() replaces the backing\nbuffer via FBIOPUT_VSCREENINFO, existing mmap PTEs are not invalidated.\nOn USB disconnect, dlfb_ops_destroy() calls vfree() on the old pages\nwhile userspace PTEs still reference them, resulting in a use-after-free:\nthe process retains read/write access to freed kernel pages.\n\nAdd vm_operations_struct with open/close callbacks that maintain an\natomic mmap_count on struct dlfb_data. In dlfb_realloc_framebuffer(),\ncheck mmap_count and return -EBUSY if the buffer is currently mapped,\npreventing buffer replacement while userspace holds stale PTEs.\n\nTested with PoC using dummy_hcd + raw_gadget USB device emulation.",null,[],[],[],[],[15,17,19,21,23],{"_key":16},"OPENSUSE-SU-2026:10859-1",{"_key":18},"MGASA-2026-0174",{"_key":20},"MGASA-2026-0177",{"_key":22},"UBUNTU-CVE-2026-43497",{"_key":24},"DEBIAN-CVE-2026-43497",[],[27],{"_key":16},"2026-05-21T12:12:47.150Z","2026-06-14T17:45:29.664Z","Awaiting Analysis",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":33,"epss_score":34,"severity":35,"severity_score":36,"severity_version":37,"severity_source":38,"severity_vector":39,"severity_status":30},false,"low",0.00113,"high",7.3,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",[41,46,50,54,58,62,66,70],{"url":42,"sources":43,"tags":45},"https://git.kernel.org/stable/c/4f312c30f0368e8d2a76aa650dff73f23490b5e7",[38,44],"nvd",[],{"url":47,"sources":48,"tags":49},"https://git.kernel.org/stable/c/18dd358de72d57993422cbb5dfb29ccd74efe192",[38,44],[],{"url":51,"sources":52,"tags":53},"https://git.kernel.org/stable/c/da9b065cedfd3b574f229d5be594e6aa47a27ae6",[38,44],[],{"url":55,"sources":56,"tags":57},"https://git.kernel.org/stable/c/a2c53a3822ee26e8d758071815b9ed3bf6669fc1",[38,44],[],{"url":59,"sources":60,"tags":61},"https://git.kernel.org/stable/c/8de779dc40d35d39fa07387b6f921eb11df0f511",[38,44],[],{"url":63,"sources":64,"tags":65},"https://git.kernel.org/stable/c/60f711cfd580f86fea8284146ac133804e728f9a",[38,44],[],{"url":67,"sources":68,"tags":69},"https://git.kernel.org/stable/c/5931f5651ee32bd41b3323256b31fcc8e71336ed",[38,44],[],{"url":71,"sources":72,"tags":73},"https://git.kernel.org/stable/c/e3d9865dacd7435b8465848428210d0f0c673311",[38,44],[],[],{"date":76,"score":34,"percentile":77},"2026-06-15",0.01718,[79,83,86,89,92,95,99,102,105,109,112,115,118,121,124,127,130,133,136,139,142,145,147,150,153],{"date":80,"score":81,"percentile":82},"2026-05-22",0.00018,0.05078,{"date":84,"score":81,"percentile":85},"2026-05-23",0.05066,{"date":87,"score":81,"percentile":88},"2026-05-24",0.05068,{"date":90,"score":81,"percentile":91},"2026-05-25",0.05056,{"date":93,"score":81,"percentile":94},"2026-05-26",0.05054,{"date":96,"score":97,"percentile":98},"2026-05-27",0.00024,0.06949,{"date":100,"score":97,"percentile":101},"2026-05-28",0.07066,{"date":103,"score":97,"percentile":104},"2026-05-29",0.07077,{"date":106,"score":107,"percentile":108},"2026-05-30",0.00012,0.01917,{"date":110,"score":107,"percentile":111},"2026-05-31",0.01911,{"date":113,"score":107,"percentile":114},"2026-06-01",0.01896,{"date":116,"score":107,"percentile":117},"2026-06-02",0.01901,{"date":119,"score":107,"percentile":120},"2026-06-03",0.01887,{"date":122,"score":107,"percentile":123},"2026-06-04",0.01884,{"date":125,"score":107,"percentile":126},"2026-06-05",0.01897,{"date":128,"score":107,"percentile":129},"2026-06-06",0.01903,{"date":131,"score":107,"percentile":132},"2026-06-07",0.01894,{"date":134,"score":107,"percentile":135},"2026-06-08",0.01881,{"date":137,"score":107,"percentile":138},"2026-06-09",0.01875,{"date":140,"score":107,"percentile":141},"2026-06-10",0.01874,{"date":143,"score":107,"percentile":144},"2026-06-11",0.0188,{"date":146,"score":107,"percentile":135},"2026-06-12",{"date":148,"score":107,"percentile":149},"2026-06-13",0.01883,{"date":151,"score":107,"percentile":152},"2026-06-14",0.01892,{"date":76,"score":34,"percentile":77},[155,160],{"source":38,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":156,"cvss_v4_0":9},{"baseScore":36,"baseSeverity":157,"vectorString":39,"impactScore":158,"exploitabilityScore":159},"HIGH",9.8,3.3,{"source":44,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":161,"cvss_v4_0":9},{"baseScore":36,"baseSeverity":157,"vectorString":39,"impactScore":158,"exploitabilityScore":159},[163],{"ecosystem":9,"name":164,"vendor":165,"product":165,"cpe_part":166,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":167},"Linux","linux","a",[168,175,178,181,184,187,191,194,197,199,201,203,205,207],{"version":169,"is_range":170,"range_type":38,"version_start":171,"version_start_type":172,"version_end":173,"version_end_type":174,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 4f312c30f0368e8d2a76aa650dff73f23490b5e7",true,"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","including","4f312c30f0368e8d2a76aa650dff73f23490b5e7","excluding",{"version":176,"is_range":170,"range_type":38,"version_start":171,"version_start_type":172,"version_end":177,"version_end_type":174,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 18dd358de72d57993422cbb5dfb29ccd74efe192","18dd358de72d57993422cbb5dfb29ccd74efe192",{"version":179,"is_range":170,"range_type":38,"version_start":171,"version_start_type":172,"version_end":180,"version_end_type":174,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C da9b065cedfd3b574f229d5be594e6aa47a27ae6","da9b065cedfd3b574f229d5be594e6aa47a27ae6",{"version":182,"is_range":170,"range_type":38,"version_start":171,"version_start_type":172,"version_end":183,"version_end_type":174,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C a2c53a3822ee26e8d758071815b9ed3bf6669fc1","a2c53a3822ee26e8d758071815b9ed3bf6669fc1",{"version":185,"is_range":170,"range_type":38,"version_start":171,"version_start_type":172,"version_end":186,"version_end_type":174,"fixed_in":9},">= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, \u003C 8de779dc40d35d39fa07387b6f921eb11df0f511","8de779dc40d35d39fa07387b6f921eb11df0f511",{"version":188,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":190,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C 60f711cfd580f86fea8284146ac133804e728f9a","7433914efd584b22bb49d3e1eee001f5d0525ecd","60f711cfd580f86fea8284146ac133804e728f9a",{"version":192,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":193,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C 5931f5651ee32bd41b3323256b31fcc8e71336ed","5931f5651ee32bd41b3323256b31fcc8e71336ed",{"version":195,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":196,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C e3d9865dacd7435b8465848428210d0f0c673311","e3d9865dacd7435b8465848428210d0f0c673311",{"version":198,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":173,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C 4f312c30f0368e8d2a76aa650dff73f23490b5e7",{"version":200,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":177,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C 18dd358de72d57993422cbb5dfb29ccd74efe192",{"version":202,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":180,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C da9b065cedfd3b574f229d5be594e6aa47a27ae6",{"version":204,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":183,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C a2c53a3822ee26e8d758071815b9ed3bf6669fc1",{"version":206,"is_range":170,"range_type":38,"version_start":189,"version_start_type":172,"version_end":186,"version_end_type":174,"fixed_in":9},">= 7433914efd584b22bb49d3e1eee001f5d0525ecd, \u003C 8de779dc40d35d39fa07387b6f921eb11df0f511",{"version":208,"is_range":32,"range_type":38,"version_start":208,"version_start_type":172,"version_end":208,"version_end_type":172,"fixed_in":9},"4.19"]