Skip to main content

Linux Kernel EUVDEUVD-2026-27618

| CVE-2026-43104 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 17:37 vuln.today
CVSS changed
May 11, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix a memory leak in hang state error path

When vc4_save_hang_state() encounters an early return condition, it returns without freeing the previously allocated kernel_state, leaking memory.

Add the missing kfree() calls by consolidating the early return paths into a single place.

AnalysisAI

Memory leak in the Linux kernel's vc4 DRM driver allows local authenticated attackers to cause denial of service via memory exhaustion in hang state error handling. The vc4_save_hang_state() function fails to free allocated kernel_state memory on early return paths, enabling a local user with limited privileges to trigger repeated memory leaks and degrade system availability.

Technical ContextAI

The vulnerability exists in the VideoCore IV (vc4) Direct Rendering Manager (DRM) subsystem of the Linux kernel. The vc4_save_hang_state() function allocates memory for kernel_state but fails to properly deallocate this memory when certain early return conditions are encountered. This is a classic memory leak vulnerability (CWE-401: Missing Release of Memory after Effective Lifetime) where dynamically allocated kernel memory is not freed, allowing an attacker to exhaust kernel memory pools over repeated invocations. The fix consolidates early return paths and adds missing kfree() calls to ensure proper cleanup before exiting the function.

RemediationAI

Apply the vendor-released patch from the stable branch corresponding to your kernel version: kernel 6.6.136 or later, 6.12.83 or later, 6.18.24 or later, 6.19.14 or later, or 7.0 or later for mainline. The fix can be obtained from the Linux kernel stable repository at the commit hashes provided in references (dd5c49787a32da96a2b154427eb17cbf12a83c28, d8fdd6adc07b78ad3e9ee0004876d90cb59ca941, e352e9adc9f6df54d63150ff832f71c04e30744b, and 3eb7dd55021d0f4308fbea0bea21d2118984d8e7). Compile and install the patched kernel version for your system. If immediate patching is not possible, restrict local user access on systems with vc4 hardware acceleration or disable DRM vc4 driver support (if graphics are not required) via kernel configuration. Note that local user accounts are typically low-risk in production environments, mitigating real-world impact.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27618 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy