Skip to main content

Linux Kernel CVE-2026-43105

| EUVDEUVD-2026-27620 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-vggp-xwf8-34q8
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 17:37 vuln.today
CVSS changed
May 11, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix memory leak of BO array in hang state

The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the missing kfree() for the BO array before freeing the hang state struct.

AnalysisAI

Memory leak in the Linux kernel's Direct Rendering Manager (DRM) vc4 driver allows local authenticated attackers to exhaust kernel memory and trigger a denial of service condition. The vulnerability stems from a missing kfree() call in vc4_free_hang_state() that fails to release a separately allocated BO (buffer object) array, enabling persistent memory exhaustion through repeated hang state operations.

Technical ContextAI

The Linux kernel's DRM vc4 (VideoCore IV) driver manages graphics operations on Broadcom SoCs used in Raspberry Pi and similar devices. The vulnerability exists in the hang state debugging functionality: vc4_save_hang_state() allocates a BO array using kzalloc() to capture GPU state during hang conditions, but vc4_free_hang_state() omits the corresponding kfree() for this array, resulting in CWE-401 (Missing Release of Memory After Effective Lifetime). This is a kernel memory management error affecting the graphics rendering subsystem where improper cleanup of kernel-allocated memory directly impacts system stability and resource availability.

RemediationAI

Vendor-released patches are available: upgrade to Linux 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0 or later depending on your deployed kernel series. Apply the specific patch commit (a812008fe3a0aebb778d277b35717f64e23d0302 or the corresponding hash for your stable branch) which adds kfree(hang_state->bo) in vc4_free_hang_state(). Detailed patch references are available at https://git.kernel.org/stable/ with the commit hashes listed above. If immediate kernel upgrade is not feasible, restrict local access to GPU debugging interfaces and limit the number of GPU hangs that can be triggered by individual users through cgroup memory limits or sysctl configuration of drm.vc4 parameters. Note that mitigations are incomplete - the proper fix requires applying the kernel patch to fully resolve the memory leak.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43105 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy