VYPR
Medium severity 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 13, 2026

CVE-2026-43146

Description

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Add buffer to list only after successful allocation

Move list_add_tail() to after dma_alloc_attrs() succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers->list before the DMA allocation. If the allocation failed, the function returned -ENOMEM while leaving a partially initialized buffer in the list, which could lead to inconsistent state and potential leaks.

By adding the buffer to the list only after dma_alloc_attrs() succeeds, we ensure the list contains only valid, fully initialized buffers.
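The ordering described above, modeled in userspace C as an added example; it is not the iris driver's code or the upstream patch. The types, `model_dma_alloc()` (a stand-in for dma_alloc_attrs()), the `fixed` flag and the choice to free the unlisted buffer on failure are assumptions of this sketch.

```c
/* Userspace model of the ordering bug; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
struct buf { struct buf *next; void *mem; };
struct buf_list { struct buf *head, *tail; };
static int fail_alloc; /* knob: make the stand-in allocator fail */
static void *model_dma_alloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

static void list_append(struct buf_list *l, struct buf *b)
{
    if (l->tail) l->tail->next = b; else l->head = b;
    l->tail = b; /* b->next is already NULL from calloc() */
}

/* fixed == 0: enqueue, then allocate. fixed != 0: allocate, then enqueue. */
int create_buffer(struct buf_list *l, size_t size, int fixed)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b) return -ENOMEM;
    if (!fixed) list_append(l, b);
    b->mem = model_dma_alloc(size);
    if (!b->mem) {
        if (fixed) free(b); /* model's choice: nothing references b yet */
        return -ENOMEM;     /* unfixed: b stays listed with mem == NULL */
    }
    if (fixed) list_append(l, b);
    return 0;
}

/* One good creation, then one failed one: count listed buffers without memory. */
int invalid_after_failure(int fixed)
{
    struct buf_list l = { NULL, NULL };
    int invalid = 0;
    fail_alloc = 0; create_buffer(&l, 4096, fixed);
    fail_alloc = 1; create_buffer(&l, 4096, fixed);
    for (struct buf *b = l.head, *n; b; b = n) {
        n = b->next;
        if (!b->mem) invalid++;
        free(b->mem); free(b);
    }
    return invalid;
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", invalid_after_failure(0), invalid_after_failure(1));
    return 0;
}
```

Both orderings return -ENOMEM to the caller on failure; only the list contents differ, which is why the invariant is checked by walking the list rather than by inspecting the return code.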

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's media/iris driver, a buffer is added to an internal list before DMA allocation succeeds, leading to potential memory leaks or system instability on allocation failure.

Vulnerability

Analysis

CVE-2026-43146 describes a bug in the Linux kernel's media/iris driver where internal buffer creation adds a buffer to buffers->list before verifying that dma_alloc_attrs() succeeds. If the DMA allocation fails, the function returns -ENOMEM but the partially initialized buffer remains on the list, leading to an inconsistent state and potential memory leaks [1][2].

Exploitation

A local user or process that can interact with the media/iris subsystem (e.g., through device nodes) could trigger the allocation failure, causing list corruption. No special privileges beyond local access are required to reach the vulnerable code path.

Impact

An attacker could cause memory leaks by leaving dangling pointers in the list, or potentially trigger a denial of service by exhausting memory or causing undefined behavior on subsequent list operations. The CVSS v3 score of 5.5 indicates a medium-severity issue limited to local exploitation.

Mitigation

The fix ensures that list_add_tail() is called only after a successful DMA allocation. The patch has been applied to the stable kernel tree [3]. Users should update to the latest kernel version that includes this commit.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (2 versions)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=6.15,<6.18.16)
    • (no CPE)


References

3
