CVE-2026-43397
Analyzed Analyzed - Analysis Complete
Memory Leak in Samsung DSIM Bridge Driver

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach() fails afterwards, the function returns without removing the bridge, causing a memory leak. Fix this by adding proper error handling with goto labels to ensure drm_bridge_remove() is called in all error paths. Also ensure that samsung_dsim_unregister_te_irq() is called if the attach operation fails after the TE IRQ has been registered. samsung_dsim_unregister_te_irq() function is moved without changes to be before samsung_dsim_host_attach() to avoid forward declaration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43397
EUVD
EUVD-2026-28703
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 6.4 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's drm/bridge component, specifically in the samsung-dsim driver.

The issue occurs in the function samsung_dsim_host_attach(), where drm_bridge_add() is called to add a bridge. If subsequent calls to samsung_dsim_register_te_irq() or pdata->host_ops->attach() fail, the function returns without removing the previously added bridge, causing a memory leak.

The fix involves adding proper error handling using goto labels to ensure drm_bridge_remove() is called on all error paths, and ensuring samsung_dsim_unregister_te_irq() is called if the attach operation fails after the TE IRQ has been registered.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when the samsung-dsim driver encounters errors during bridge attachment.

Memory leaks can degrade system performance over time by consuming increasing amounts of memory, potentially leading to system instability or crashes if the leak is severe and persistent.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the drm/bridge samsung-dsim memory leak issue has been fixed.

The fix involves proper error handling in samsung_dsim_host_attach() to ensure drm_bridge_remove() is called on all error paths and that samsung_dsim_unregister_te_irq() is called if the attach operation fails after the TE IRQ has been registered.

Applying the official patch or upgrading to the fixed kernel version will prevent the memory leak caused by improper cleanup in error scenarios.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43397. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart