CVE-2026-43458

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: caif: hold tty-&gt;link reference in ldisc_open and ser_release<br /> <br /> A reproducer triggers a KASAN slab-use-after-free in pty_write_room()<br /> when caif_serial&amp;#39;s TX path calls tty_write_room(). The faulting access<br /> is on tty-&gt;link-&gt;port.<br /> <br /> Hold an extra kref on tty-&gt;link for the lifetime of the caif_serial line<br /> discipline: get it in ldisc_open() and drop it in ser_release(), and<br /> also drop it on the ldisc_open() error path.<br /> <br /> With this change applied, the reproducer no longer triggers the UAF in<br /> my testing.