Memory Leak Vulnerability in Linux Kernel's VC4 Driver
CVE-2026-43105

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43105?

A vulnerability was identified in the Linux kernel VC4 driver regarding a memory leak of the Buffer Object (BO) array during hang state management. In the vc4_save_hang_state() function, the BO array is allocated using kzalloc() but is never freed in the vc4_free_hang_state() function. This oversight can lead to unnecessary memory retention, potentially causing performance issues and resource exhaustion in long-running applications. The fix involves adding a kfree() call to properly deallocate the BO array before freeing the hang state structure.

Affected Version(s)

Linux 214613656b5179f0daab6e0a080814b5100d45f0

Linux 214613656b5179f0daab6e0a080814b5100d45f0 < 0d3c014a84396a147705f523a8fd6fc873e76502

Linux 214613656b5179f0daab6e0a080814b5100d45f0 < 421cea4f71f7cf65abaae878562ee4aa2b684628

References

https://git.kernel.org/stable/c/a812008fe3a0aebb778d277b3...

https://git.kernel.org/stable/c/0d3c014a84396a147705f523a...

https://git.kernel.org/stable/c/421cea4f71f7cf65abaae8785...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43105 Data

JSON