Skip to main content

Linux Kernel CVE-2026-43202

| EUVDEUVD-2026-27765 MEDIUM
2026-05-06 Linux GHSA-fqq8-vjr7-827p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 20:22 vuln.today
CVSS changed
May 11, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

fbdev: vt8500lcdfb: fix missing dma_free_coherent()

fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed if the error path is reached.

AnalysisAI

Memory leak in Linux kernel fbdev vt8500lcdfb driver allows local authenticated users to cause denial of service via unfreed DMA-allocated buffer on error path. The vulnerability exists in the framebuffer initialization code where dma_alloc_coherent() allocation for fbi->fb.screen_buffer is not properly freed if an error occurs during probe, leading to memory exhaustion on repeated device initialization attempts. Local privilege required; no remote or unauthenticated attack vector.

Technical ContextAI

The vulnerability resides in the VIA VT8500 LCD framebuffer driver (vt8500lcdfb) within the Linux kernel's fbdev subsystem. The driver uses dma_alloc_coherent() to allocate DMA-safe memory for the framebuffer screen buffer, a required pattern for devices performing DMA operations on video memory. The flaw is a classic resource cleanup error: when the probe or initialization path encounters an error after dma_alloc_coherent() succeeds but before the device is fully registered, the corresponding dma_free_coherent() call is never executed. This leaves the allocated memory permanently unavailable to the kernel's memory allocator. The issue affects all kernel versions from Linux 3.7 onward where this driver exists, with fixes available in stable branches 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, and 6.19.6 as indicated by git commit hashes in the EUVD data.

RemediationAI

Apply kernel security updates to versions 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, or 6.19.6 or later, depending on your kernel branch. For systems on older kernel versions, backport the fix from the upstream kernel repository (commit references: 9a9bc60ed372aaae9784ff8ad8e5f496ff15fd31, 9c3873cccb3fab54cde0605ae7093d332c99073e, or equivalent per your kernel version) by applying dma_free_coherent() in the vt8500lcdfb probe error handling path. If immediate kernel update is not feasible, mitigate by restricting local system access to trusted users only (adjust sudo/capabilities rules to prevent unprivileged access to device initialization) and monitor for repeated framebuffer probe failures in kernel logs (dmesg output) which may indicate exploitation attempts. Note that this driver is typically only loaded on systems with actual VIA VT8500 hardware; systems without this hardware are unaffected even if running vulnerable kernel versions, as the vulnerable code path is not executed.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43202 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy