Skip to main content

Linux Kernel CVE-2026-43162

| EUVDEUVD-2026-27721 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-m5gj-w75c-gcxx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 12:03 vuln.today
CVSS changed
May 13, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: tegra-video: Fix memory leak in __tegra_channel_try_format()

The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed.

In __tegra_channel_try_format(), two error paths return directly after v4l2_subdev_call() fails, without freeing the allocated 'sd_state' object. This violates the requirement and causes a memory leak.

Fix this by introducing a cleanup label and using goto statements in the error paths to ensure that __v4l2_subdev_state_free() is always called before the function returns.

AnalysisAI

Memory leak in the Linux kernel's tegra-video media driver causes local denial-of-service on NVIDIA Tegra-based systems. The __tegra_channel_try_format() function fails to free a V4L2 subdev state object on two error paths after v4l2_subdev_call() fails, leaking kernel memory on each invocation. A local authenticated attacker with access to a Tegra video capture device can repeatedly trigger the error paths to exhaust kernel memory, degrading or crashing the system. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with a niche, hardware-specific availability issue.

Technical ContextAI

The vulnerability resides in the tegra-video subsystem (drivers/media/platform/tegra/), which implements V4L2 video capture for NVIDIA Tegra SoCs. The __tegra_channel_try_format() function calls __v4l2_subdev_state_alloc() to allocate a kernel heap object representing the subdev pipeline state during format negotiation. CWE-401 (Missing Release of Memory Before Removing Last Reference) applies: two early-return error branches following v4l2_subdev_call() failure exit the function without invoking the paired __v4l2_subdev_state_free() destructor, permanently leaking the allocation. The fix introduces a goto cleanup pattern to consolidate teardown. Affected CPE is cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* starting from the introducing commit 1ebaeb09830f36c1111b72a95420814225bd761c across all stable series that carry that commit.

RemediationAI

The primary remediation is to upgrade to a patched kernel version: 6.19.6, 6.18.17, 6.12.77, 6.6.130, 6.1.167, or 5.10 stable (fix commit ca921be7a1174d5d58b28f84b683c2c0079f18c5), or mainline at or beyond commit d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a. Patch commits are publicly available at the kernel.org stable tree references provided. For Red Hat and SUSE users, monitor vendor advisories for backported fixes to distribution kernels. If an immediate kernel upgrade is not feasible, a compensating control is to restrict access to V4L2 device nodes (e.g., /dev/video*) to only trusted users via udev rules or group permissions - this prevents unprivileged local users from triggering the leaking code path, though it does not eliminate the bug. Disabling the tegra-video kernel module (modprobe -r tegra-video) eliminates exposure entirely on systems where Tegra video capture functionality is not required, with the trade-off of losing camera/video capture capability.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43162 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy