Skip to main content

Linux Kernel EUVDEUVD-2026-26751

| CVE-2026-43058 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-02 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Jun 01, 2026 - 17:26 vuln.today
CVSS changed
Jun 01, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 02, 2026 - 08:01 EUVD
Patch released
May 02, 2026 - 07:16 nvd
Patch available
EUVD ID Assigned
May 02, 2026 - 07:00 euvd
EUVD-2026-26751
CVE Published
May 02, 2026 - 06:11 nvd
N/A
CVE Published
May 02, 2026 - 06:11 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: fix pass-by-value structs causing MSAN warnings

vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtv_ts_null_write_into() has triggered a report so far, both functions share the same issue.

Fix by passing both structs by const pointer instead, avoiding the stack copy of the struct along with its MSAN shadow and origin metadata. The functions do not modify the structs, which is enforced by the const qualifier.

AnalysisAI

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Technical ContextAI

The vulnerability resides in the vidtv (Virtual Digital TV) subsystem of the Linux kernel's media framework, specifically in the functions vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). These functions accepted their argument structs by value rather than by pointer, causing the compiler to create a stack copy of the struct. When MemorySanitizer (MSAN) is active, this stack copy carries over MSAN shadow and origin metadata for any uninitialized fields, triggering uninitialized-value warnings. CWE-476 (NULL Pointer Dereference) is the root cause class: the uninitialized struct fields can result in a null pointer dereference within kernel context, producing a kernel panic and denial of service. The fix enforces const-pointer passing so no stack copy is made and struct immutability is compiler-enforced. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. The vidtv driver is a virtual/test driver for the DVB media subsystem, not a production hardware driver.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel version: 7.1-rc1, 7.0.1, 6.19.14, 6.18.24, 6.12.83, or 6.6.136, depending on the stable branch in use. Patches are confirmed via multiple kernel.org stable commits referenced above. For systems where immediate kernel upgrade is not feasible, a targeted workaround is to blacklist or unload the vidtv kernel module, as it is a virtual test driver not required in production: add 'blacklist vidtv' to /etc/modprobe.d/blacklist.conf and run 'modprobe -r vidtv' to unload it immediately. This has no operational impact on systems not using DVB test tooling. Note that the vidtv module may be loaded automatically if media testing frameworks are active - confirm with 'lsmod | grep vidtv'. No side effects are expected from disabling this virtual driver in non-test environments.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed

Share

EUVD-2026-26751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy