Description
In the Linux kernel, the following vulnerability has been resolved:

rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()

When idtab allocation fails, net is not registered with rio_add_net() yet,
so kfree(net) is sufficient to release the memory. Set mport->net to NULL
to avoid dangling pointer.

Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, a prior implementation incorrectly attempted to free a network structure with rio_free_net() even when the net object had not been registered with rio_add_net(), which could leave a dangling pointer that may be dereferenced later. The patch replaces the call with kfree() and sets the mport->net pointer to NULL, eliminating the risk of use‑after‑free or memory corruption. The flaw could potentially lead to kernel instability that may be exploited to crash the system, but no direct code‑execution path is described in the provided information.
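
The error path from the description, as an added user-space model in C (not the kernel's code and not the patch itself). The struct layouts, the static pool, the `model_*` names and the assumption that allocation stores the net in the port before registration are all constructed for illustration.

```c
/* User-space model of the error path (constructed for illustration; not kernel code). */
#include <stddef.h>

struct rio_net   { int live, registered; };  /* simplified stand-ins */
struct rio_mport { struct rio_net *net; };
static struct rio_net pool[8];         /* static arena: a "freed" net stays inspectable */
static int next_slot, bad_teardowns;   /* bad_teardowns: teardown of a never-added net */

/* Assumption: allocation stores the net in the port before it is registered. */
static struct rio_net *model_alloc_net(struct rio_mport *mport)
{
    struct rio_net *net = &pool[next_slot++ % 8];
    *net = (struct rio_net){ .live = 1 };
    mport->net = net;
    return net;
}

/* Teardown intended for nets that went through the add step. */
static void model_free_net(struct rio_net *net)
{
    bad_teardowns += !net->registered;  /* undoes a registration that never happened */
    net->live = 0;
}

/* fail simulates the idtab allocation failure; fixed selects the error path. */
static struct rio_net *model_scan_alloc_net(struct rio_mport *mport, int fail, int fixed)
{
    struct rio_net *net = model_alloc_net(mport);
    if (fail && fixed) {
        net->live = 0;          /* models kfree(net): nothing was registered */
        mport->net = NULL;      /* port no longer points at freed memory */
        return NULL;
    }
    if (fail) {
        model_free_net(net);    /* old path: port keeps a stale pointer */
        return NULL;
    }
    net->registered = 1;        /* stands in for rio_add_net() */
    return net;
}

/* Returns 1 if the port still references a released net after a failed allocation. */
static int port_dangles_after_failure(int fixed)
{
    struct rio_mport mport = { NULL };
    model_scan_alloc_net(&mport, 1, fixed);
    return mport.net != NULL && !mport.net->live;
}

int main(void) { return !(port_dangles_after_failure(0) && !port_dangles_after_failure(1)); }
```

The process exits with status 0 when the old path leaves the port pointing at a released net and the fixed path does not.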

Affected Systems

Linux kernel images that include the rapidio driver and predate the commit that introduces the corrected free logic are affected. All distributions using the stock kernel are potentially impacted if they have not applied the rapidio patch; the exact release dates are not specified, so any kernel older than the commit containing this fix is at risk.

Risk and Exploitability

Because the exploit would require triggering an idtab allocation failure in the rapidio driver and then accessing the freed net structure, the attack vector is likely local and confined to devices that use the rapidio backend. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploits. Therefore, the overall risk is considered moderate, with a low likelihood of real‑world exploitation under normal operating conditions.

Generated by OpenCVE AI on May 9, 2026 at 01:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to the latest version that contains the rapidio patch
  • If the rapidio driver is not required, disable or remove it to eliminate the attack surface
  • Continuously monitor kernel release notes for any subsequent security updates related to rapidio

Advisories

No advisories yet.

History

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-416

Fri, 08 May 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer.
Title | | rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:11:18.226Z

Reserved: 2026-05-01T14:12:55.999Z

Link: CVE-2026-43295

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T14:16:36.593

Modified: 2026-05-08T14:16:36.593

Link: CVE-2026-43295

Red Hat

Severity:

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43295 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses