Skip to main content

Linux Kernel CVE-2026-43397

| EUVDEUVD-2026-28703 MEDIUM
Memory Leak (CWE-401)
2026-05-08 Linux GHSA-25rf-28xv-w8h2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 19:38 vuln.today
CVSS changed
May 21, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: samsung-dsim: Fix memory leak in error path

In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach() fails afterwards, the function returns without removing the bridge, causing a memory leak.

Fix this by adding proper error handling with goto labels to ensure drm_bridge_remove() is called in all error paths. Also ensure that samsung_dsim_unregister_te_irq() is called if the attach operation fails after the TE IRQ has been registered.

samsung_dsim_unregister_te_irq() function is moved without changes to be before samsung_dsim_host_attach() to avoid forward declaration.

AnalysisAI

Memory leak in the Linux kernel's samsung-dsim DRM bridge driver allows a local low-privileged user to exhaust kernel memory by repeatedly triggering error paths in samsung_dsim_host_attach() where drm_bridge_remove() is never called after a failed samsung_dsim_register_te_irq() or host attach operation. Affected systems must be running Samsung MIPI DSI display hardware with the samsung-dsim module loaded. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (5th percentile) combined with absence from CISA KEV confirms this is a low-exploitation-likelihood maintenance fix rather than an active threat.

Technical ContextAI

The vulnerability resides in the samsung-dsim (Samsung Display Serial Interface Master) subsystem of the Linux kernel's DRM bridge layer, responsible for managing MIPI DSI display interfaces on Samsung SoC-based platforms (e.g., Exynos, S3C). The root cause is CWE-401 (Missing Release of Memory after Effective Lifetime): drm_bridge_add() allocates and registers a bridge structure during samsung_dsim_host_attach(), but if either samsung_dsim_register_te_irq() or pdata->host_ops->attach() subsequently fails, the function returns an error code without invoking drm_bridge_remove(), leaving the bridge allocation live indefinitely. The fix introduces goto-based error handling to ensure drm_bridge_remove() and samsung_dsim_unregister_te_irq() are called on all failure paths, and relocates samsung_dsim_unregister_te_irq() above the attach function to avoid a forward declaration. CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, with the vulnerability introduced at commit e7447128ca4a250374d6721ee98e3e3cf99551a6.

RemediationAI

Apply the vendor-provided stable kernel patches, which are available for all supported stable branches. Fixed versions confirmed by EUVD are: Linux 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0. The corresponding upstream fix commits are available at https://git.kernel.org/stable/c/98310fe3a2a79671b739a5344c1a11d74c503e25, https://git.kernel.org/stable/c/0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95, https://git.kernel.org/stable/c/e6d779654cda63d632bd8dfcdcabd125057e30a5, https://git.kernel.org/stable/c/a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1, and https://git.kernel.org/stable/c/803ec1faf7c1823e6e3b1f2aaa81be18528c9436. For systems where immediate kernel upgrade is not feasible, restricting /dev/dri/* device node access permissions to trusted users reduces the ability of low-privilege users to trigger bridge attach cycles, though this may degrade display management on Samsung DSI hardware. Unloading or blacklisting the samsung-dsim module entirely (via /etc/modprobe.d/blacklist.conf) eliminates exposure with the trade-off of disabling the Samsung DSI display interface entirely - acceptable only on headless systems. Distribution kernel updates (Ubuntu, Debian, RHEL) should be monitored for backported fixes.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43397 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy