CVE-2026-43162 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

media: tegra-video: Fix memory leak in __tegra_channel_try_format()

The state object allocated by __v4l2_subdev_state_alloc() must be freed
with __v4l2_subdev_state_free() when it is no longer needed.

In __tegra_channel_try_format(), two error paths return directly after
v4l2_subdev_call() fails, without freeing the allocated 'sd_state'
object. This violates the requirement and causes a memory leak.

Fix this by introducing a cleanup label and using goto statements in the
error paths to ensure that __v4l2_subdev_state_free() is always called
before the function returns.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< 6c6f419fa9c44a4b7149b0292e01bff47308ba14
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< ca921be7a1174d5d58b28f84b683c2c0079f18c5
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< 3ca2f09061736e72ef25eec2597d00f7f44094d3
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< 2dff8966a3a889dd9d248a7e15d963b4097efcc5
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a
`1ebaeb09830f36c1111b72a95420814225bd761c`	affected	< 43e5302d22334f1183dec3e0d5d8007eefe2817c

Linux

affected

Version	Status	Constraints
`5.10`	affected	—
`0`	unaffected	< 5.10
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2dff8966a3a889dd9d248a7e15d963b4097efcc5
https://git.kernel.org/stable/c/3ca2f09061736e72ef25eec2597d00f7f44094d3
https://git.kernel.org/stable/c/43e5302d22334f1183dec3e0d5d8007eefe2817c
https://git.kernel.org/stable/c/6c6f419fa9c44a4b7149b0292e01bff47308ba14
https://git.kernel.org/stable/c/ca921be7a1174d5d58b28f84b683c2c0079f18c5
https://git.kernel.org/stable/c/d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a
https://lore.kernel.org/linux-cve-announce/2026050632-CVE-2026-43162-7fcc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43162
https://www.cve.org/CVERecord?id=CVE-2026-43162

History

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050632-CVE-2026-43162-7fcc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43162 https://www.cve.org/CVERecord?id=CVE-2026-43162

Wed, 06 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-754

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in __tegra_channel_try_format() The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed. In __tegra_channel_try_format(), two error paths return directly after v4l2_subdev_call() fails, without freeing the allocated 'sd_state' object. This violates the requirement and causes a memory leak. Fix this by introducing a cleanup label and using goto statements in the error paths to ensure that __v4l2_subdev_state_free() is always called before the function returns.
Title		media: tegra-video: Fix memory leak in __tegra_channel_try_format()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2dff8966a3a889dd9d248a7e15d963b4097efcc5 https://git.kernel.org/stable/c/3ca2f09061736e72ef25eec2597d00f7f44094d3 https://git.kernel.org/stable/c/43e5302d22334f1183dec3e0d5d8007eefe2817c https://git.kernel.org/stable/c/6c6f419fa9c44a4b7149b0292e01bff47308ba14 https://git.kernel.org/stable/c/ca921be7a1174d5d58b28f84b683c2c0079f18c5 https://git.kernel.org/stable/c/d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:40.580Z

Updated: 2026-05-06T11:27:40.580Z

Reserved: 2026-05-01T14:12:55.990Z

Link: CVE-2026-43162

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:34.280

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43162

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43162 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-06T16:15:06Z

Weaknesses

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object