CVE-2026-43270
Description
In the Linux kernel, the following vulnerability has been resolved:
media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
In mtk_mdp_probe(), vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's mtk-mdp driver, mtk_mdp_remove() fails to release a reference obtained by vpu_get_plat_device(), causing a memory leak.
Vulnerability
Description
In the Linux kernel's MediaTek MDP (Media Data Path) driver, the mtk_mdp_remove() function fails to properly release a reference count. During driver initialization (mtk_mdp_probe()), the function vpu_get_plat_device() is called, which increments the reference count of the returned platform device. However, the corresponding platform_device_put() call is missing in the removal path, leading to a reference leak [1][2].
Root
Cause and Exploitation
The root cause is a missing decrement of the device reference count in the driver's remove callback. This is a classic reference leak bug that occurs when the driver is unloaded or when the device is removed. No special privileges or network access are required; the vulnerability is triggered by normal driver lifecycle operations, such as module unloading or device unbinding.
Impact
An attacker with the ability to trigger driver removal (e.g., by physically removing the device or by unloading the kernel module) can cause the reference count to leak. Over repeated removal cycles, this can lead to memory exhaustion, denial of service, or system instability. The CVSS v3 score of 5.5 (Medium) reflects the local nature and the potential for resource exhaustion.
Mitigation
The fix adds a call to platform_device_put() in mtk_mdp_remove() to balance the reference count. The patch has been applied to the Linux kernel stable tree [3][4]. Users should update to a kernel version containing this fix to prevent the leak.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/2d93758f42a57f3485534eab858b308e41653de4nvdPatch
- git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff4795a245f5e8911nvdPatch
- git.kernel.org/stable/c/4f2a51433a3a65d16975d1e32052d80656da077dnvdPatch
- git.kernel.org/stable/c/564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5dnvdPatch
- git.kernel.org/stable/c/a62ba5aa9ee95fd953583e95e519badf0b76ecf3nvdPatch
- git.kernel.org/stable/c/c44beed2e5caf2cbbe651432baa3a129f18b0169nvdPatch
- git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8eb2107419c7988fnvdPatch
- git.kernel.org/stable/c/f128bab57b8018e526b7eda854ca20069863af47nvdPatch
News mentions
0No linked articles in our index yet.