CVE-2026-43202
Description
In the Linux kernel, the following vulnerability has been resolved:
fbdev: vt8500lcdfb: fix missing dma_free_coherent()
fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed if the error path is reached.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The vt8500lcdfb driver in the Linux kernel fails to call dma_free_coherent() on error, causing a memory leak that can lead to denial of service.
Vulnerability Overview
In the Linux kernel's framebuffer subsystem, the vt8500lcdfb driver allocates a coherent DMA buffer for fbi->fb.screen_buffer via dma_alloc_coherent() but does not free it when an error is encountered during initialization. This oversight results in a memory leak that persists until the system is rebooted [1][2][3][4].
Exploitation
An attacker with the ability to load or trigger the vt8500lcdfb driver (e.g., by inserting the module or causing an error during boot) can repeatedly invoke the leaking code path. No special privileges are required beyond local access to the affected kernel module. The error path is typically reached when hardware initialization fails, making this a locally exploitable condition.
Impact
The vulnerability leads to a gradual exhaustion of DMA-coherent memory, which can degrade system performance and ultimately cause a denial of service (DoS) if critical allocations fail. The CVSS v3 severity is 5.5 (Medium), reflecting the local attack vector and the availability impact.
Mitigation
The Linux kernel stable tree has released patches that add the missing dma_free_coherent() call in the error path [1][2][3][4]. Users should apply these patches or update to a kernel version where the fix is included.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
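The error-path leak described above, and the shape of the fix the Mitigation paragraph refers to, as an added userspace model in C; it is not the vt8500lcdfb driver's code and not the upstream patch. The names model_dma_alloc, model_dma_free, probe_leaky, probe_fixed, leaked_after and later_step_fails are hypothetical, and malloc()/free() stand in for the kernel DMA API.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions) for dma_alloc_coherent()/dma_free_coherent(). */
static size_t live_bytes;      /* bytes handed out and not yet freed */
static void *screen_buffer;    /* models fbi->fb.screen_buffer */

static void *model_dma_alloc(size_t n)
{
    void *p = malloc(n);
    live_bytes += p ? n : 0;
    return p;
}
static void model_dma_free(size_t n, void *p) { free(p); live_bytes -= n; }

/* Leaky shape: a later init step fails and probe returns directly. */
static int probe_leaky(size_t n, int later_step_fails)
{
    screen_buffer = model_dma_alloc(n);
    if (!screen_buffer)
        return -ENOMEM;
    if (later_step_fails)
        return -EIO;   /* buffer is never freed */
    return 0;          /* success: buffer stays live until removal */
}

/* Fixed shape: the failure unwinds through a label that frees the buffer. */
static int probe_fixed(size_t n, int later_step_fails)
{
    screen_buffer = model_dma_alloc(n);
    if (!screen_buffer)
        return -ENOMEM;
    if (later_step_fails)
        goto err_free_dma;
    return 0;
err_free_dma:
    model_dma_free(n, screen_buffer);
    return -EIO;
}

/* Bytes still allocated after `tries` failed probes (constructed scenario). */
static size_t leaked_after(int (*probe)(size_t, int), int tries, size_t n)
{
    live_bytes = 0;
    for (int i = 0; i < tries; i++)
        probe(n, 1);
    return live_bytes;
}
```

Calling leaked_after() with probe_leaky shows the outstanding byte count growing by one buffer per failed attempt, while probe_fixed leaves it at zero.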
References
- git.kernel.org/stable/c/2cd2f988a8bd2da227f5c3cfa0cbf3a9a287ddc3 (nvd; Patch)
- git.kernel.org/stable/c/40c1ff25025150ff6d7ec7ad441fcfd6d070ee76 (nvd; Patch)
- git.kernel.org/stable/c/778f31be5b8c10024db23fdd8a05f68a02311008 (nvd; Patch)
- git.kernel.org/stable/c/88b3b9924337336a31cefbe99a22ed09401be74a (nvd; Patch)
- git.kernel.org/stable/c/9a9bc60ed372aaae9784ff8ad8e5f496ff15fd31 (nvd; Patch)
- git.kernel.org/stable/c/9c3873cccb3fab54cde0605ae7093d332c99073e (nvd; Patch)
- git.kernel.org/stable/c/e8c5d5f6cd66e032f9aefdcc21b0c34761aef78a (nvd; Patch)
- git.kernel.org/stable/c/f47d5b9e8aa6178a0aaf225119ad1ec7d3f49876 (nvd; Patch)