CVE-2026-43135
Description
In the Linux kernel, the following vulnerability has been resolved:
media: cx23885: Add missing unmap in snd_cx23885_hw_params()
In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing DMA unmap in the cx23885 ALSA driver can cause resource leaks, potentially leading to memory corruption or system instability.
Vulnerability Overview
In the Linux kernel's cx23885 media driver, the snd_cx23885_hw_params() function in the ALSA audio component fails to call cx23885_alsa_dma_unmap() on error paths. This missing cleanup means that when a DMA mapping operation succeeds but a subsequent step fails, the previously mapped DMA resources are not released [1].
Exploitation and Attack Surface
The vulnerability is triggered during audio parameter configuration for cx23885-based capture devices. An attacker would need local access to the system and the ability to trigger an error condition in the audio subsystem, for example by providing invalid hardware parameters or causing a memory allocation failure. No special privileges beyond the ability to open the ALSA device are required, but the attack surface is limited to systems with the cx23885 hardware present and the corresponding kernel module loaded [2].
Impact
If exploited, the missing DMA unmap leads to a resource leak. Over repeated trigger attempts, this can exhaust DMA mapping resources, potentially causing memory corruption or system instability. The CVSS v3 score of 5.5 (Medium) reflects the requirement for local access and the potential for denial of service [3].
Mitigation
The fix has been applied in the Linux kernel stable tree, adding the missing cx23885_alsa_dma_unmap() call in the error path of snd_cx23885_hw_params(). Users should update to a kernel version containing this commit to prevent the resource leak [4].
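A userspace C model of the error path described above, added here as an example and not taken from the cx23885 driver or the kernel patch: every `model_*` and `hw_params_*` name and the failing later step are hypothetical stand-ins. It counts the mappings still outstanding after repeated failed calls, with and without the unmap on the error path.

```c
/* Userspace model of the leak; hypothetical names, not the cx23885 driver source. */
#include <stdio.h>
#include <stdlib.h>

struct model_buf { int mapped; };   /* stand-in for the audio DMA buffer */
static int outstanding_maps;        /* mappings acquired and not yet released */

static int model_dma_map(struct model_buf *b) { b->mapped = 1; outstanding_maps++; return 0; }
static void model_dma_unmap(struct model_buf *b) { if (b->mapped) { b->mapped = 0; outstanding_maps--; } }
/* Assumed later setup step that can fail after the mapping has succeeded. */
static int model_later_step(int fail) { return fail ? -1 : 0; }

/* Before the fix: the error path frees the buffer but never unmaps it. */
static int hw_params_leaky(int fail)
{
    struct model_buf *b = calloc(1, sizeof(*b));
    if (!b) return -1;
    if (model_dma_map(b) < 0) goto err_free;
    if (model_later_step(fail) < 0) goto err_free;   /* mapping leaks here */
    model_dma_unmap(b);   /* models the normal teardown on the success path */
    free(b);
    return 0;
err_free:
    free(b);
    return -1;
}

/* After the fix: a failure after the map unwinds through the unmap first. */
static int hw_params_fixed(int fail)
{
    struct model_buf *b = calloc(1, sizeof(*b));
    if (!b) return -1;
    if (model_dma_map(b) < 0) goto err_free;
    if (model_later_step(fail) < 0) goto err_unmap;
    model_dma_unmap(b);
    free(b);
    return 0;
err_unmap:
    model_dma_unmap(b);
err_free:
    free(b);
    return -1;
}

/* Run `attempts` failing calls and report how many mappings remain. */
static int leaked_after(int (*fn)(int), int attempts)
{
    outstanding_maps = 0;
    for (int i = 0; i < attempts; i++) fn(1);
    return outstanding_maps;
}

int main(void)
{
    printf("leaky: %d outstanding\n", leaked_after(hw_params_leaky, 100));
    printf("fixed: %d outstanding\n", leaked_after(hw_params_fixed, 100));
    return 0;
}
```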
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References (8)
- git.kernel.org/stable/c/0b7f56084cc3d7766bf274b71cd14cc9674b76bf (nvd, Patch)
- git.kernel.org/stable/c/141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2 (nvd, Patch)
- git.kernel.org/stable/c/505630dd1ebf4b53d3f2866c057ddd93157a24d8 (nvd, Patch)
- git.kernel.org/stable/c/544215cc37d032ccaf1919852c05e2439a4d7540 (nvd, Patch)
- git.kernel.org/stable/c/9544b73cad4ee667fed6a60f71570c58a870a735 (nvd, Patch)
- git.kernel.org/stable/c/9c0a6ff538660c36a98081916a24f08d55a91331 (nvd, Patch)
- git.kernel.org/stable/c/fc4df593a8ffded2f77d69a73ecb51d364932ca5 (nvd, Patch)
- git.kernel.org/stable/c/fda46c9025b755ea50a969b960f333be62421b71 (nvd, Patch)