VYPR
← All advisories
Unrated severityNVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2026-45954

CVE-2026-45954

Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

In au1200fb_drv_probe(), when platform_get_irq fails(), it directly returns from the function with an error code, which causes a memory leak.

Replace it with a goto label to ensure proper cleanup.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in au1200fb_drv_probe() when platform_get_irq fails; fixed by adding proper cleanup via a goto label.

Vulnerability

In the Linux kernel, a memory leak occurs in the au1200fb driver's probe function (au1200fb_drv_probe()) when the call to platform_get_irq() fails. The function returns the error code directly without freeing previously allocated memory. This affects kernels before the commit that introduces the fix.

Exploitation

An attacker would need to trigger a failure of platform_get_irq() in the probe path. This could be achieved by manipulating the platform device's IRQ resource (e.g., removing or corrupting the IRQ entry in device tree or ACPI tables) or by causing memory allocation failures that prevent platform_get_irq from succeeding. No special privileges are required beyond the ability to cause the driver to probe (e.g., hotplug or module loading).

Impact

On successful exploitation, a memory leak occurs, leading to gradual depletion of kernel memory. This could result in denial of service (system instability or crash) if the probe is repeatedly triggered (e.g., via device hotplug cycles). The leak does not directly allow code execution or privilege escalation.

Mitigation

The fix [1] was committed to the Linux kernel stable tree. Users should update to a kernel version containing commit b024a8efee0f55d330a1cdd3eac8f79ac5acd3be or later. No workaround is available; the affected driver must be disabled or the kernel patched.

References
  1. Making sure you're not a bot!

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

16
ce4e25198a6a

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 7.0via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
762a26818934

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 6.12.75via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
bd1ad63e11b2

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 6.1.165via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index fd3ff398d234a9..f55f3380f17e5f 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index fd3ff398d234a9..f55f3380f17e5f 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
b024a8efee0f

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 6.19.4via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
3e5349e54113

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 6.6.128via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index c137d6afe4840c..1b05dfbd5195e6 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index c137d6afe4840c..1b05dfbd5195e6 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
81831d56b723

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 5.10.252via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
071d8fb757a8

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 5.15.202via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
3d4202ee6494

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitFelix GuFixed in 6.18.14via kernel-cna
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
762a26818934

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
071d8fb757a8

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
bd1ad63e11b2

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index fd3ff398d234a9..f55f3380f17e5f 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index fd3ff398d234a9..f55f3380f17e5f 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
ce4e25198a6a

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
3d4202ee6494

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
3e5349e54113

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index c137d6afe4840c..1b05dfbd5195e6 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index c137d6afe4840c..1b05dfbd5195e6 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
81831d56b723

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index 80f54111baec17..ec1d86f253904d 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1732,8 +1732,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
b024a8efee0f

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitFelix Guvia nvd-ref
commit
2 files changed · +8 6
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg
  • drivers/video/fbdev/au1200fb.c+4 3 modified
    diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index ed770222660b51..685e629e7e1642 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1724,8 +1724,10 @@ static int au1200fb_drv_probe(struct platform_device *dev)
 
 	/* Now hook interrupt too */
 	irq = platform_get_irq(dev, 0);
-	if (irq < 0)
-		return irq;
+	if (irq < 0) {
+		ret = irq;
+		goto failed;
+	}
 
 	ret = request_irq(irq, au1200fb_handle_irq,
 			  IRQF_SHARED, "lcd", (void *)dev);
-- 
cgit 1.3-korg

Vulnerability mechanics

Root cause

"Missing error-path cleanup: a direct return on platform_get_irq failure skips the goto label that frees previously allocated framebuffer memory."

Attack vector

An attacker would need to trigger a probe of the au1200fb framebuffer device on a system where `platform_get_irq()` fails (e.g., due to missing or malformed device-tree/ACPI IRQ configuration). When the IRQ lookup fails, the original code returned immediately with the error code, skipping the `failed` cleanup label and leaking previously allocated framebuffer memory [patch_id=2661039]. This is a local memory leak triggered during driver initialization; no network path or special privileges beyond the ability to cause the device to probe are required.

Affected code

The vulnerability is in `drivers/video/fbdev/au1200fb.c` within the `au1200fb_drv_probe()` function. The error path for `platform_get_irq()` failure at line ~1724 (varies by kernel version) returned directly without cleanup.

What the fix does

The patch replaces the direct `return irq;` with `ret = irq; goto failed;` so that when `platform_get_irq()` fails, execution jumps to the existing `failed` label which properly releases previously allocated resources (e.g., framebuffer memory). This ensures the error path is consistent with other error exits in the same function [patch_id=2661039].

Preconditions

  • configThe au1200fb driver must be built into the kernel or loaded as a module on a system where the platform device exists but the IRQ cannot be obtained (e.g., missing or invalid IRQ resource).
  • authNo special privileges required beyond the ability to trigger device probe (e.g., booting the system or hot-plugging the device).

Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8

News mentions

0

No linked articles in our index yet.