Skip to main content

Linux Kernel EUVDEUVD-2026-27376

| CVE-2026-43072 MEDIUM
2026-05-05 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 29, 2026 - 20:17 vuln.today
CVSS changed
May 29, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 05, 2026 - 17:31 EUVD
CVE Published
May 05, 2026 - 15:29 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: platform_get_irq_byname() returns an int

platform_get_irq_byname() will return a negative value if an error happens, so it should be checked and not just passed directly into devm_request_threaded_irq() hoping all will be ok.

AnalysisAI

Unchecked return value in the drm/vc4 DRM driver allows a local low-privileged user to cause a kernel crash and denial of service on systems equipped with Broadcom VideoCore 4 GPU hardware. The driver's initialization path passes the return value of platform_get_irq_byname() - which returns a negative errno on failure - directly into devm_request_threaded_irq() without validation, causing undefined kernel behavior when IRQ resource lookup fails. No public exploit exists and EPSS is 0.02% (7th percentile), but unpatched systems running the vc4 module (primarily Raspberry Pi devices) remain susceptible to local DoS via kernel crash.

Technical ContextAI

The vc4 driver (drivers/gpu/drm/vc4/) is the Linux DRM subsystem driver for Broadcom's VideoCore 4 GPU, the graphics engine embedded in Raspberry Pi SoCs. The kernel API function platform_get_irq_byname() retrieves a named interrupt resource from a platform device and returns the IRQ number as a positive integer on success or a negative errno (e.g., -ENODEV, -EINVAL) on failure. The defect is an unchecked return value pattern: the negative error code is silently forwarded as an argument to devm_request_threaded_irq(), which expects a valid non-negative IRQ number. This misuse of the API leads to a kernel oops or panic during driver probe, equivalent in class to CWE-252 (Unchecked Return Value). No CWE was assigned by NVD. The CPE (cpe:2.3:a:linux:linux:*) covers the full Linux kernel tree across all stable series, with the bug present from the initial git commit (1da177e4c3f41524e886b7f1b8a0c1fc7321cac2) through the respective fix commits in each stable branch.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched stable release: 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, or 7.1-rc1. Individual stable-branch fix commits are available directly from the kernel stable tree at https://git.kernel.org/stable/c/63c11b19cdc154fa848a6c3b535bfb1dc7b60378 (6.6 branch), https://git.kernel.org/stable/c/ef2ee9db13b68c5e332b77c0a7108a2d4d56e114, https://git.kernel.org/stable/c/0185e0494a561edfc482507f9de89c2ad798b33d, https://git.kernel.org/stable/c/9c10b83a004442c93d7a484c3d221a06a45821e1, https://git.kernel.org/stable/c/0c1b117f7ba46fb8f6ebc5e0bfe5b58568c301ba, and https://git.kernel.org/stable/c/e597a809a2b97e927060ba182f58eb3e6101bc70. As a compensating control where kernel upgrades cannot be applied immediately, adding 'blacklist vc4' to /etc/modprobe.d/vc4-blacklist.conf and rebooting will prevent the vulnerable driver from loading entirely; the trade-off is complete loss of VideoCore 4 GPU acceleration and display output, which is significant on Raspberry Pi deployments dependent on the GPU for desktop rendering or hardware video decode.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed

Share

EUVD-2026-27376 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy