What is GHSA-w279-mj9j-w893?

GHSA-w279-mj9j-w893 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect...

Which CVE IDs does GHSA-w279-mj9j-w893 cover?

GHSA-w279-mj9j-w893 covers the following CVE IDs: CVE-2026-46065. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-w279-mj9j-w893?

GHSA-w279-mj9j-w893 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-w279-mj9j-w893HighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46065 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

Hold state of deferred I/O in struct fb_deferred_io_state. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping has been closed. If the fb_info and the contained deferred I/O meanwhile goes away, clear struct fb_deferred_io_state.info to invalidate the mapping. Any access will then result in a SIGBUS signal.

Fixes a long-standing problem, where a device hot-unplug happens while user space still has an active mapping of the graphics memory. The hot- unplug frees the instance of struct fb_info. Accessing the memory will operate on undefined state.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (7)