5.5

CVE-2026-43142

EPSS 0.01%
Veröffentlicht 06.05.2026 11:27:26
Zuletzt bearbeitet 13.05.2026 18:41:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

media: iris: gen1: Destroy internal buffers after FW releases

In the Linux kernel, the following vulnerability has been resolved:

media: iris: gen1: Destroy internal buffers after FW releases

After the firmware releases internal buffers, the driver was not
destroying them. This left stale allocations that were no longer used,
especially across resolution changes where new buffers are allocated per
the updated requirements. As a result, memory was wasted until session
close.

Destroy internal buffers once the release response is received from the
firmware.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.15 < 6.18.16

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/7cde76db8883ec8a3d1456068079ecadbfb15ca5

Patch

https://git.kernel.org/stable/c/d4457f23ac0130240053a34be663f0fade3bb371

Patch

https://git.kernel.org/stable/c/1dabf00ee206eceb0f08a1fe5d1ce635f9064338

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-43142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43142

EUVD