CVE-2026-43218
Memory Leak in Linux Kernel Media Subsystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the tw9903_probe() memory leak issue has been fixed. This involves applying the patch that ensures v4l2_ctrl_handler_free() is called in the error path to prevent memory leaks.
Can you explain this vulnerability to me?
This vulnerability is a potential memory leak in the Linux kernel's media subsystem, specifically in the i2c/tw9903 driver. During the execution of the tw9903_probe() function, if an error occurs, the memory allocated by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not properly freed. This issue is fixed by ensuring that v4l2_ctrl_handler_free() is called on the handler in the error path to release the allocated memory.
How can this vulnerability impact me? :
The impact of this vulnerability is a potential memory leak in the Linux kernel when using the tw9903 driver. Over time, if the error path is triggered repeatedly, it could lead to increased memory usage and possibly degrade system performance or stability. However, there is no indication of direct security compromise such as code execution or privilege escalation.