Skip to main content

Linux Kernel EUVDEUVD-2026-27716

| CVE-2026-43155 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-cjv4-23g7-c427
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 12:00 vuln.today
CVSS changed
May 13, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mux: mmio: fix regmap leak on probe failure

The mmio regmap that may be allocated during probe is never freed.

Switch to using the device managed allocator so that the regmap is released on probe failures (e.g. probe deferral) and on driver unbind.

AnalysisAI

Memory leak in the Linux kernel's MMIO mux driver (mux/mmio subsystem) causes kernel memory exhaustion under local access conditions. The mmio regmap allocated during device probe is never released on probe failure paths or driver unbind, resulting in cumulative memory loss that can degrade availability. No active exploitation is confirmed (not in CISA KEV), and EPSS at 0.02% (4th percentile) reflects minimal real-world exploitation interest, consistent with the local-only attack vector and narrow hardware dependency.

Technical ContextAI

The vulnerability resides in drivers/mux/mmio.c, the memory-mapped I/O multiplexer driver within the Linux kernel's mux subsystem. During the probe() routine, the driver may allocate a regmap (register map abstraction layer) to interface with MMIO-based hardware multiplexers. CWE-401 (Missing Release of Memory after Effective Lifetime) is the root cause: when probe fails - for example, due to probe deferral awaiting a dependency - or when the driver is unbound, the allocated regmap is not freed, leaking kernel heap memory. The fix, introduced via upstream commits 3c4ae63073d84abee5d81ce46d86a94e9dae9c89, 76096f156fe9dc9fbd6e4618088706e91b9b0a6c, and cbde3c109d52564ae2c12e514c33c44345e84b2c, replaces manual allocation with device-managed (devm_*) allocators that automatically release resources when the device is detached or probe exits abnormally. CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* covers the affected kernel tree.

RemediationAI

Upgrade to Linux kernel 7.0, 6.19.6, or 6.18.16, which incorporate the upstream fixes available at https://git.kernel.org/stable/c/3c4ae63073d84abee5d81ce46d86a94e9dae9c89, https://git.kernel.org/stable/c/76096f156fe9dc9fbd6e4618088706e91b9b0a6c, and https://git.kernel.org/stable/c/cbde3c109d52564ae2c12e514c33c44345e84b2c respectively. Red Hat and SUSE users should monitor their respective security advisories for distribution-packaged kernel updates. If immediate patching is not feasible, a compensating control is to disable or blacklist the mux-mmio kernel module (modprobe -r mux-mmio and adding it to /etc/modprobe.d/blacklist.conf) on systems where MMIO mux hardware is not present or required - note this will break any hardware dependent on that driver. Additionally, restricting untrusted local user access to kernel hotplug and device bind/unbind interfaces via udev rules or reduced sysfs permissions limits the ability to trigger repeated probe cycles that accumulate the leak.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27716 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy