CVE-2026-43146
Memory Leak in Linux Kernel Iris Media Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's media iris component where a buffer was added to a list before the successful allocation of DMA memory. Specifically, the function added the buffer to the list before confirming that the DMA allocation succeeded. If the allocation failed, the function returned an error but left a partially initialized buffer in the list, causing an inconsistent state and potential resource leaks.
The fix involved moving the operation that adds the buffer to the list to after the DMA allocation succeeds, ensuring that only fully initialized and valid buffers are added to the list.
How can this vulnerability impact me? :
This vulnerability can lead to an inconsistent internal state within the Linux kernel's media iris buffer management. Because partially initialized buffers remain in the list after a failed allocation, it can cause resource leaks and potentially unstable behavior in the system's media handling components.
Such inconsistent states and leaks could degrade system performance or reliability, and in some cases might be exploitable to cause denial of service or other unintended effects.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves ensuring that buffers are only added to the list after successful DMA allocation, preventing inconsistent states and potential leaks.