CVE-2026-43058
Description
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix pass-by-value structs causing MSAN warnings
vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtv_ts_null_write_into() has triggered a report so far, both functions share the same issue.
Fix by passing both structs by const pointer instead, avoiding the stack copy of the struct along with its MSAN shadow and origin metadata. The functions do not modify the structs, which is enforced by the const qualifier.
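The signature change described above, sketched in userspace C as an added example (not the kernel's vidtv code). The struct layout and the names `null_write_args`, `emit_null`, `null_write_by_value` and `null_write_by_ptr` are assumptions made for illustration; both entry points write one MPEG-TS null packet, and only the by-value form copies the struct, padding included, at the call.

```c
/* Added illustration: userspace sketch, NOT the kernel's vidtv code.
 * Struct layout and all names here are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TS_PACKET_LEN 188u   /* MPEG-TS packet size */
#define TS_SYNC_BYTE  0x47u
#define TS_NULL_PID   0x1FFFu

/* Hypothetical argument bundle; on LP64 targets 4 bytes of padding
 * follow dest_offset, and a by-value call copies them as well. */
struct null_write_args {
	uint8_t  *dest_buf;
	uint32_t  dest_offset;
	size_t    buf_sz;
	uint8_t  *continuity_counter;
};

/* Shared body: bounds-check, then emit one null packet. */
static size_t emit_null(uint8_t *buf, uint32_t off, size_t sz, uint8_t *cc)
{
	uint8_t *p;

	if (!buf || !cc || off > sz || sz - off < TS_PACKET_LEN)
		return 0;               /* refuse to write past the buffer */
	p = buf + off;
	p[0] = TS_SYNC_BYTE;
	p[1] = (TS_NULL_PID >> 8) & 0x1F;
	p[2] = TS_NULL_PID & 0xFF;
	p[3] = 0x10 | (*cc & 0x0F);     /* payload only + 4-bit counter */
	*cc = (*cc + 1) & 0x0F;
	memset(p + 4, 0xFF, TS_PACKET_LEN - 4);
	return TS_PACKET_LEN;
}

/* Before: the whole struct is copied onto the callee's stack. */
size_t null_write_by_value(struct null_write_args args)
{
	return emit_null(args.dest_buf, args.dest_offset, args.buf_sz,
			 args.continuity_counter);
}

/* After: read-only access through a const pointer, no struct copy. */
size_t null_write_by_ptr(const struct null_write_args *args)
{
	return emit_null(args->dest_buf, args->dest_offset, args->buf_sz,
			 args->continuity_counter);
}
```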
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pass-by-value structs in Linux kernel's vidtv driver cause MSAN uninit-value warnings, fixed by converting to const-pointer parameters.
Vulnerability Analysis
In the Linux kernel's media subsystem, the vidtv driver contains functions vidtv_ts_null_write_into and vidtv_ts_pcr_write_into that take struct arguments by value. This causes MSAN (Memory Sanitizer) to report uninitialized value warnings because the stack copy includes shadow and origin metadata that may not be fully initialized [1].
Exploitation and Attack Surface
This issue is a code quality problem rather than a directly exploitable vulnerability; it results in false positive reports from MSAN. The functions do not modify the structs, so passing them by const pointer avoids unnecessary stack copies and eliminates the spurious warnings [1].
Impact and Mitigation
Although no runtime security impact has been demonstrated, the MSAN warnings could mask genuine uninitialized memory issues during testing. The kernel community fixed the issue by changing both functions to accept const pointers instead of taking the structs by value, and the fix was backported to multiple stable kernel branches [1][2][3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (6)
- git.kernel.org/stable/c/1b2820c8a9887981634020db19f1a2425558b88e (nvd)
- git.kernel.org/stable/c/57b01d945ed68cebe486d495dadc4901a96d3aaa (nvd)
- git.kernel.org/stable/c/5f8e73bde67e931468bc2a1860d78d72f0c6ba41 (nvd)
- git.kernel.org/stable/c/6d75a9ec5bdb8cf8382eaf8f8fe831ba7d58a9d4 (nvd)
- git.kernel.org/stable/c/be57e52e27c7cbfb400a8f255e475cbcff242baa (nvd)
- git.kernel.org/stable/c/e3957eb26a3d570aefc6bb184fa8b8a1e9a4e508 (nvd)
News mentions (1)
- Patch Tuesday - May 2026, Rapid7 Blog · May 13, 2026