CVE-2026-43162
Memory Leak in Linux Kernel Tegra Video Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is a memory leak in the Linux kernel's tegra-video media driver caused by not freeing allocated state objects on error paths.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes the fix for CVE-2026-43162, where the error paths in __tegra_channel_try_format() have been corrected to properly free allocated memory.
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's media subsystem, specifically in the tegra-video driver within the __tegra_channel_try_format() function.
The issue occurs because a state object allocated by __v4l2_subdev_state_alloc() is not properly freed when an error happens after a call to v4l2_subdev_call(). Two error paths return directly without freeing this allocated object, violating the requirement to free it with __v4l2_subdev_state_free().
The fix involves adding a cleanup label and using goto statements to ensure that the allocated state object is always freed before the function returns, preventing the memory leak.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel's media driver, which over time may cause increased memory usage and potentially degrade system performance or stability.
In environments where the affected driver is used heavily, this could result in resource exhaustion, possibly leading to crashes or denial of service conditions.