CVE-2026-43105
Published: May 9, 2026Last modified: June 2, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the missing kfree() for the BO array before freeing the hang state struct.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.175-r0) |
| 25 LTS | linux-lts | Fixed (6.12.85-r0) | |
| Stream | linux-lts | Fixed (6.12.85-r0) |
References
- https://git.kernel.org/stable/c/0d3c014a84396a147705f523a8fd6fc873e76502
- https://git.kernel.org/stable/c/421cea4f71f7cf65abaae878562ee4aa2b684628
- https://git.kernel.org/stable/c/686bb2fce082f043db50db02b5de5c64ca4dc4c4
- https://git.kernel.org/stable/c/7235fc096ece53211bd2c0e958c65f9b802aeb98
- https://git.kernel.org/stable/c/9c092941fc1d00933bcb46ecac1cb930db3abf5d
- https://git.kernel.org/stable/c/a812008fe3a0aebb778d277b35717f64e23d0302
- https://git.kernel.org/stable/c/b8138567c4a80fd76a647849ebd4284996cf4b17
- https://git.kernel.org/stable/c/f4dfd6847b3e5d24e336bca6057485116d17aea4