cve 2026-46065

CVE-2026-46065 is a Linux kernel vulnerability disclosed in May 2026 that involves a framebuffer deferred-I/O lifetime bug triggered after device hot-unplug. The issue occurs when graphics memory remains mapped after a device is removed, leading to a use-after-free condition in the struct fb_info structure. This vulnerability highlights how legacy compatibility layers like fbdev can become security boundaries. The tag covers discussions about the technical details of the bug, its disclosure by kernel.org and NVD, and the broader implications for systems relying on framebuffer graphics. It is relevant for Linux users, kernel developers, and IT professionals managing systems with hot-pluggable graphics hardware.