Description
In the Linux kernel, the following vulnerability has been resolved:

net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()

The priv->rx_buffer and priv->tx_buffer are alloc'd together as
contiguous buffers in uhdlc_init() but freed as two buffers in
uhdlc_memclean().

Change the cleanup to only call dma_free_coherent() once on the whole
buffer.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The fsl_ucc_hdlc driver in the Linux kernel mistakenly calls dma_free_coherent twice on a single contiguous buffer allocated in uhdlc_init, corrupting kernel memory and leading to a kernel panic. This classic denial of service flaw is classified by the CNA as CWE‑1341, indicating improper handling of dynamic memory and assertions.

Affected Systems

Affected version information is not available. Any Linux kernel that includes the fsl_ucc_hdlc module without the upstream commit is affected. The vulnerability resides in the net:wan/fsl_ucc_hdlc subsystem, which may be compiled or loaded as a module in various distributions.

Risk and Exploitability

Based on the description, it is inferred that a local attacker capable of interacting with the wan/hdlc interface or forcing a module unload could trigger the faulty cleanup and cause a crash. The CVSS score of 5.5 indicates moderate severity, and the EPSS score is <1%, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, so the exploitation likelihood remains uncertain. The primary impact is loss of availability; no code execution path is documented.

Generated by OpenCVE AI on May 13, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the upstream patch for the fsl_ucc_hdlc module.
  • If an update is not available, backport the upstream commit that corrects the cleanup into the kernel source and rebuild.
  • As a temporary measure, unload or disable the fsl_ucc_hdlc module to prevent the double free from occurring.

Advisories
Source: Debian DLA
ID: DLA-4606-1
Title: linux security update

History

Wed, 13 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() The priv->rx_buffer and priv->tx_buffer are alloc'd together as contiguous buffers in uhdlc_init() but freed as two buffers in uhdlc_memclean(). Change the cleanup to only call dma_free_coherent() once on the whole buffer.
Title net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:42.659Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43149

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:32.553

Modified: 2026-05-13T20:15:21.293

Link: CVE-2026-43149

Red Hat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43149 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T22:00:06Z