Linux Kernel Media Function Vulnerability in vidtv by The Linux Foundation
CVE-2026-43058

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 2 May 2026

What is CVE-2026-43058?

A vulnerability exists within the Linux kernel's media subsystem, particularly in the vidtv functions. The functions vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() are affected as they take their argument structs by value, which can trigger uninitialized value warnings reported by the Memory Sanitizer (MSAN). Although only vidtv_ts_null_write_into() has been documented to cause such reports thus far, both functions share this underlying issue. The vulnerability has been addressed by altering the parameter passing method to use const pointers instead of passing by value. This change prevents unnecessary stack copying of the struct and maintains the integrity of the MSAN shadow and origin metadata.

Affected Version(s)

Linux f90cf6079bf67988f8b1ad1ade70fc89d0080905

Linux f90cf6079bf67988f8b1ad1ade70fc89d0080905 < 6d75a9ec5bdb8cf8382eaf8f8fe831ba7d58a9d4

References

https://git.kernel.org/stable/c/e3957eb26a3d570aefc6bb184...

https://git.kernel.org/stable/c/be57e52e27c7cbfb400a8f255...

https://git.kernel.org/stable/c/6d75a9ec5bdb8cf8382eaf8f8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43058 Data

JSON