CVE-2026-43270
Reference Leak in Linux Kernel MTK MDP Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference leak bug in the Linux kernel's media component, specifically in the mtk-mdp driver. The issue occurs in the mtk_mdp_probe() function where the call to vpu_get_plat_device() increases the reference count of a platform device but does not properly decrease it later. The fix involves adding a call to platform_device_put() in mtk_mdp_remove() to prevent the reference leak.
How can this vulnerability impact me? :
A reference leak in the kernel can lead to resource exhaustion over time, potentially causing system instability or degraded performance. If the reference count is not properly managed, it may prevent the release of resources associated with the platform device, which could eventually impact system reliability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is a reference leak in the Linux kernel's mtk-mdp driver. To mitigate this issue, you should update your Linux kernel to a version where the fix has been applied, specifically where platform_device_put() is added in mtk_mdp_remove() to prevent the reference leak.