CVE-2026-43269
Received Received - Intake
Memory Leak in Linux Kernel DRM/Atmel-HLCDC Driver

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback After several commits, the slab memory increases. Some drm_crtc_commit objects are not freed. The atomic_destroy_state callback only put the framebuffer. Use the __drm_atomic_helper_plane_destroy_state() function to put all the objects that are no longer needed. It has been seen after hours of usage of a graphics application or using kmemleak: unreferenced object 0xc63a6580 (size 64): comm "egt_basic", pid 171, jiffies 4294940784 hex dump (first 32 bytes): 40 50 34 c5 01 00 00 00 ff ff ff ff 8c 65 3a c6 @P4..........e:. 8c 65 3a c6 ff ff ff ff 98 65 3a c6 98 65 3a c6 .e:......e:..e:. backtrace (crc c25aa925): kmemleak_alloc+0x34/0x3c __kmalloc_cache_noprof+0x150/0x1a4 drm_atomic_helper_setup_commit+0x1e8/0x7bc drm_atomic_helper_commit+0x3c/0x15c drm_atomic_commit+0xc0/0xf4 drm_atomic_helper_set_config+0x84/0xb8 drm_mode_setcrtc+0x32c/0x810 drm_ioctl+0x20c/0x488 sys_ioctl+0x14c/0xc20 ret_fast_syscall+0x0/0x54
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43269
EUVD
EUVD-2026-27668
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 4.1 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's drm/atmel-hlcdc component. Specifically, some drm_crtc_commit objects are not properly freed because the atomic_destroy_state callback only releases the framebuffer, but does not release all associated objects. The fix involves using the __drm_atomic_helper_plane_destroy_state() function to ensure all unneeded objects are freed.

The issue causes slab memory to increase over time, which can be observed after hours of running a graphics application or by using the kmemleak tool.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when using certain graphics applications. Over time, the system's memory consumption may increase due to unreleased drm_crtc_commit objects, potentially degrading system performance or causing resource exhaustion.

Detection Guidance

This vulnerability can be detected by monitoring for memory leaks related to drm_crtc_commit objects in the Linux kernel, especially after prolonged use of graphics applications.

Using the kmemleak tool is suggested to identify unreferenced objects that indicate memory leaks.

An example output from kmemleak includes unreferenced objects with details such as command name, process ID, and backtrace information.

To detect this issue, you can enable and use kmemleak with commands like:

  • echo scan > /sys/kernel/debug/kmemleak
  • cat /sys/kernel/debug/kmemleak

These commands trigger a scan for memory leaks and display any unreferenced objects found.

Mitigation Strategies

The vulnerability has been resolved by fixing the memory leak in the drm/atmel-hlcdc driver by using the __drm_atomic_helper_plane_destroy_state() function to properly free all objects.

Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

Until the update is applied, monitoring for memory leaks using kmemleak and limiting prolonged use of affected graphics applications may help reduce impact.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43269. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart