Skip to main content

Linux Kernel EUVDEUVD-2026-27701

| CVE-2026-43142 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-cq62-68rx-vm58
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:56 vuln.today
CVSS changed
May 13, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: iris: gen1: Destroy internal buffers after FW releases

After the firmware releases internal buffers, the driver was not destroying them. This left stale allocations that were no longer used, especially across resolution changes where new buffers are allocated per the updated requirements. As a result, memory was wasted until session close.

Destroy internal buffers once the release response is received from the firmware.

AnalysisAI

Memory exhaustion in the Linux kernel's iris gen1 media driver allows a local low-privileged user to progressively consume kernel memory until session close, causing a denial of service. The iris driver fails to destroy internal firmware-managed buffers upon receiving the firmware release response, with the leak compounding across video resolution changes as each change allocates new buffers without reclaiming the prior set. No public exploit exists and EPSS sits at the 4th percentile, indicating negligible opportunistic exploitation risk; impact is limited to availability on systems with iris-compatible media hardware.

Technical ContextAI

The iris driver is a V4L2 media subsystem component in the Linux kernel that implements hardware-accelerated video codec operations by coordinating with dedicated firmware. Internal buffers are lifecycle-managed across firmware request/response message pairs: the driver requests buffer allocation or release, and the firmware acknowledges. The root cause (CWE-401: Missing Release of Memory after Effective Lifetime) is the absence of a destroy call in the firmware release-response handler - stale kernel memory allocations persist until the entire video session is closed. CPE cpe:2.3:a:linux:linux identifies the upstream Linux kernel as the affected codebase. Resolution changes are particularly impactful because each change re-allocates buffers to match new frame dimensions, stacking unreleased allocations session-wide. The vulnerability was introduced at commit 73702f45db81b74897b2808aaa13484826156006 and is corrected by three stable-tree cherry-picks.

RemediationAI

Upgrade to Linux kernel 6.18.16, 6.19.6, or 7.0, which contain the fix for this memory leak. The upstream fix commits are available at https://git.kernel.org/stable/c/7cde76db8883ec8a3d1456068079ecadbfb15ca5 (6.19 branch), https://git.kernel.org/stable/c/d4457f23ac0130240053a34be663f0fade3bb371 (6.18 branch), and https://git.kernel.org/stable/c/1dabf00ee206eceb0f08a1fe5d1ce635f9064338 (6.15 branch). For systems where a kernel update is not immediately feasible, unloading the iris media kernel module eliminates the vulnerable code path entirely; the trade-off is loss of iris hardware-accelerated video codec functionality. Alternatively, restricting access to video device nodes (e.g., tightening permissions on /dev/video* entries associated with iris hardware) limits which local users can trigger the leak, reducing but not eliminating exposure. Red Hat and SUSE subscribers should monitor their respective security advisories for distribution-specific backport availability.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy