CVE-2026-46065

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb info

Hold state of deferred I/O in struct fb deferred io state. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping has been closed. If the fb info and the contained deferred I/O meanwhile goes away, clear struct fb deferred io state.info to invalidate the mapping. Any access will then result in a SIGBUS signal.

Fixes a long-standing problem, where a device hot-unplug happens while user space still has an active mapping of the graphics memory. The hot- unplug frees the instance of struct fb info. Accessing the memory will operate on undefined state.