CVE-2026-43072 - Vulnerability Details

- drm/vc4: platform_get_irq_byname() returns an int

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: platform_get_irq_byname() returns an int

platform_get_irq_byname() will return a negative value if an error
happens, so it should be checked and not just passed directly into
devm_request_threaded_irq() hoping all will be ok.

Published: 2026-05-05

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel function platform_get_irq_byname returns a negative code when an error occurs. The current implementation assumes a non‑negative value and passes the result directly to devm_request_threaded_irq. This omission can cause the driver to be registered with an invalid IRQ number, leading to unexpected kernel behavior, driver failures, or system crashes. The flaw represents a failure to validate return values, which may expose the system to denial‑of‑service conditions or other unintended states.

Affected Systems

All Linux kernel releases that include the drm/vc4 driver and rely on platform_get_irq_byname without the error check are affected. The vendors impacted are Linux, product Linux kernel. No specific version range is listed, so any kernel that compiles the vcs driver before the fix is considered vulnerable.

Risk and Exploitability

The CVSS score is not disclosed and EPSS is not available, making quantitative risk assessment difficult. The vulnerability is listed in no KEV catalog, indicating no known widespread exploitation. Exploitation would require an actor able to influence the device initialization path, typically through a custom or malicious kernel module or by altering the hardware configuration to trigger the problematic code. While a local attacker with kernel module load capability could induce a crash or denial of service, remote exploitation is unlikely without additional vectors.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 63c11b19cdc154fa848a6c3b535bfb1dc7b60378
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ef2ee9db13b68c5e332b77c0a7108a2d4d56e114
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 0185e0494a561edfc482507f9de89c2ad798b33d
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9c10b83a004442c93d7a484c3d221a06a45821e1
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 0c1b117f7ba46fb8f6ebc5e0bfe5b58568c301ba
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< e597a809a2b97e927060ba182f58eb3e6101bc70

Linux

affected

Version	Status	Constraints
`6.6.136`	unaffected	≤ 6.6.*
`6.12.83`	unaffected	≤ 6.12.*
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0.1`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,63c11b19cdc154fa848a6c3b535bfb1dc7b60378)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ef2ee9db13b68c5e332b77c0a7108a2d4d56e114)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0185e0494a561edfc482507f9de89c2ad798b33d)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9c10b83a004442c93d7a484c3d221a06a45821e1)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0c1b117f7ba46fb8f6ebc5e0bfe5b58568c301ba)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e597a809a2b97e927060ba182f58eb3e6101bc70)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.6.136,6.7.0)`	unaffected	semver	—
`[6.12.83,6.13.0)`	unaffected	semver	—
`[6.18.24,6.19.0)`	unaffected	semver	—
`[7.0.1,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—
`[6.19.14,6.20.0)`	unaffected	semver	—
`[6.12.83,6.13.0)`	unaffected	semver	—
`[6.18.24,6.19.0)`	unaffected	semver	—
`[6.19.14,6.20.0)`	unaffected	semver	—
`[7.0.1,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that contains the patch correcting the error check in platform_get_irq_byname.
If an upgrade is not immediately possible, modify the driver code or the init sequence so that any negative return value from platform_get_irq_byname is verified before forwarding it to devm_request_threaded_irq.
Implement kernel hardening measures such as module signing, restricting module load permissions, or applying system integrity runtime checks to reduce the window in which a malicious driver could be loaded and activated.

Generated by OpenCVE AI on May 5, 2026 at 17:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0185e0494a561edfc482507f9de89c2ad798b33d
https://git.kernel.org/stable/c/0c1b117f7ba46fb8f6ebc5e0bfe5b58568c301ba
https://git.kernel.org/stable/c/63c11b19cdc154fa848a6c3b535bfb1dc7b60378
https://git.kernel.org/stable/c/9c10b83a004442c93d7a484c3d221a06a45821e1
https://git.kernel.org/stable/c/e597a809a2b97e927060ba182f58eb3e6101bc70
https://git.kernel.org/stable/c/ef2ee9db13b68c5e332b77c0a7108a2d4d56e114

History

Tue, 05 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-703

Tue, 05 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platform_get_irq_byname() returns an int platform_get_irq_byname() will return a negative value if an error happens, so it should be checked and not just passed directly into devm_request_threaded_irq() hoping all will be ok.
Title		drm/vc4: platform_get_irq_byname() returns an int
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0185e0494a561edfc482507f9de89c2ad798b33d https://git.kernel.org/stable/c/0c1b117f7ba46fb8f6ebc5e0bfe5b58568c301ba https://git.kernel.org/stable/c/63c11b19cdc154fa848a6c3b535bfb1dc7b60378 https://git.kernel.org/stable/c/9c10b83a004442c93d7a484c3d221a06a45821e1 https://git.kernel.org/stable/c/e597a809a2b97e927060ba182f58eb3e6101bc70 https://git.kernel.org/stable/c/ef2ee9db13b68c5e332b77c0a7108a2d4d56e114

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-05T15:29:28.795Z

Updated: 2026-05-05T15:29:28.795Z

Reserved: 2026-05-01T14:12:55.982Z

Link: CVE-2026-43072

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-05T16:16:16.540

Modified: 2026-05-05T16:16:16.540

Link: CVE-2026-43072

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T19:00:11Z

Weaknesses

CWE-703

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object