Reference Leak Vulnerability in Linux Kernel Affecting Media Components
CVE-2026-43270

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43270?

A reference leak vulnerability in the Linux kernel's media subsystem has been identified, specifically within the mtk-mdp component. This issue arises in the mtk_mdp_probe() function, where the reference count for a platform device is improperly managed. When vpu_get_plat_device() is invoked, it increments the reference count without a corresponding release—resulting in a reference leak. To address this, the implementation of platform_device_put() is necessary to ensure proper reference handling and prevent the leak.

Affected Version(s)

Linux c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a < 403b7c757ac9f6b2ffb7d00ff4795a245f5e8911

Linux c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a

References

https://git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff...

https://git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8...

https://git.kernel.org/stable/c/c44beed2e5caf2cbbe651432b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43270 Data

JSON