CVE-2026-43104
Memory Leak in Linux Kernel DRM VC4 Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's drm/vc4 component. Specifically, when the function vc4_save_hang_state() encounters an early return condition, it fails to free previously allocated memory called kernel_state. This results in a memory leak.
The fix involved adding the missing kfree() calls by consolidating the early return paths into a single place to ensure the allocated memory is properly freed.
How can this vulnerability impact me? :
The vulnerability causes a memory leak in the Linux kernel when certain error conditions occur in the drm/vc4 driver. Over time, this could lead to increased memory usage, potentially degrading system performance or causing instability if the leaked memory accumulates.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the drm/vc4 memory leak issue in the hang state error path has been fixed.
This fix involves adding missing kfree() calls to properly free allocated kernel memory in the vc4_save_hang_state() function.