Skip to main content

Linux Kernel CVE-2026-43207

| EUVDEUVD-2026-27766 HIGH
NULL Pointer Dereference (CWE-476)
2026-05-06 Linux GHSA-g5mh-vxpw-8cvf
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:37 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-mdp: Fix error handling in probe function

Add mtk_mdp_unregister_m2m_device() on the error handling path to prevent resource leak.

Add check for the return value of vpu_get_plat_device() to prevent null pointer dereference. And vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak.

AnalysisAI

Resource management flaws in the Linux kernel MediaTek MDP driver allow local authenticated attackers with low privileges to trigger memory corruption via improper error handling during device probe initialization, potentially escalating to kernel code execution. Multiple stable kernel branches (5.10.x through 7.0) are affected, with vendor patches released across all maintained versions. No active exploitation confirmed (EPSS 0.02%, not in CISA KEV), though the local attack vector and low complexity suggest straightforward exploitation once local access is achieved.

Technical ContextAI

The vulnerability exists in the MediaTek Media Data Path (mtk-mdp) driver's probe function within the Linux kernel V4L2 (Video4Linux2) subsystem. The flaw involves three distinct resource management errors: (1) failure to call mtk_mdp_unregister_m2m_device() during error paths, causing memory-to-memory device registration leaks; (2) missing null pointer validation for vpu_get_plat_device() return values before dereferencing, enabling null pointer dereference attacks; (3) failure to call platform_device_put() after vpu_get_plat_device() increases reference counts, causing reference count leaks. These issues stem from improper implementation of kernel driver probe error handling, violating Linux kernel resource management patterns. The mtk-mdp driver provides hardware acceleration for MediaTek SoC image processing, making this vulnerability relevant to ARM-based devices using MediaTek chipsets. Affected code was introduced in commit c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a (Linux 4.10 era, circa 2017) and persisted through 2025 until patching.

RemediationAI

Update to patched Linux kernel versions: 7.0+ (mainline), 6.19.6+, 6.18.16+, 6.12.75+, 6.6.128+ (LTS), 6.1.165+ (LTS), 5.15.202+ (LTS), or 5.10.252+ (LTS) depending on your kernel branch. Patches available from https://git.kernel.org/stable/ with fix commits listed in NVD references. For embedded/IoT devices, consult hardware vendor for firmware updates incorporating these kernel patches, as direct kernel updates may not be feasible. If immediate patching is impossible, implement compensating controls with awareness of trade-offs: (1) Unload or blacklist the mtk_mdp kernel module if MediaTek media acceleration is not required (add 'blacklist mtk_mdp' to /etc/modprobe.d/blacklist.conf), though this disables hardware-accelerated video/image processing on affected devices, forcing CPU-based processing with performance penalties; (2) Restrict /dev/video* device access to root-only via udev rules to prevent unprivileged local users from triggering driver initialization, though this breaks legitimate applications requiring camera/video access for non-root users; (3) Deploy kernel runtime integrity monitoring (IMA/EVM) to detect kernel memory corruption attempts, adding operational overhead. For Android devices, await vendor security updates as manual kernel patching typically requires bootloader unlock and warranty void. Verify patch installation by checking kernel version (uname -r) matches patched releases and confirming fix commits via 'git log' if building from source.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43207 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy