CVE-2026-43058
Memory Sanitizer Warning Fix in Linux Kernel vidtv
Publication date: 2026-05-02
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability primarily causes Memory Sanitizer (MSAN) to report uninitialized value warnings due to how structs are passed by value in certain Linux kernel functions. While it may not directly lead to exploitation or security breaches, it can cause false positives in memory analysis tools and potentially mask real issues.
The fix reduces these MSAN warnings by changing the function parameters to const pointers, improving code correctness and reliability.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's media subsystem, specifically in the vidtv component. Two functions, vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(), take their argument structs by value rather than by pointer. This causes Memory Sanitizer (MSAN) to report uninitialized value warnings because the stack copy of the struct includes uninitialized memory metadata.
The issue is that passing structs by value leads to copying the struct along with its MSAN shadow and origin metadata, which can trigger false warnings or potential issues. The fix involves changing these functions to accept the structs by const pointer instead, which avoids the stack copy and ensures the functions do not modify the structs.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.