Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix memory leak of BO array in hang state

The hang state's BO array is allocated separately with kzalloc() in
vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the
missing kfree() for the BO array before freeing the hang state struct.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel drm/vc4 driver allocates an array of buffer objects (BOs) when a hang state is captured using kzalloc(), but this array is never freed when the hang state is released, resulting in a memory leak. This resource exhaustion condition (CWE‑401) along with the unreleased resource (CWE‑772) can cause kernel memory to be depleted over time, leading to an unresponsive system or reboot. The impact is a denial‑of‑service via uncontrolled memory consumption.

Affected Systems

All Linux kernel releases that include the drm/vc4 driver and were built before the commit that adds the missing kfree() are potentially affected. No specific version range is supplied; therefore, any kernel with a hang‑state routine in the vc4 driver that does not contain this defensive free is vulnerable.

Risk and Exploitability

The advisory indicates an EPSS score of less than 1 % and lists no entry in CISA’s KEV catalog, suggesting a low likelihood of exploitation. An attacker would need to successfully trigger or induce multiple hang states to cause the cumulative leak, which may require privilege or access to the device. If the conditions are met, the loss of kernel memory could render the system unusable. The overall risk is considered moderate in severity but limited by the low exploitation probability.

Generated by OpenCVE AI on May 11, 2026 at 18:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that includes the patch for freeing the BO array in vc4_free_hang_state.
  • If an immediate kernel upgrade is not feasible, disable the drm/vc4 device or restrict access to it, and monitor system logs for hang‑state events that could trigger the leak.
  • For a more rapid fix in environments with custom kernels, backport the kfree() change from the referenced commit into the running kernel source and rebuild.

Generated by OpenCVE AI on May 11, 2026 at 18:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 05:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 06 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the missing kfree() for the BO array before freeing the hang state struct.
Title drm/vc4: Fix memory leak of BO array in hang state
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:49.840Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43105

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:24.097

Modified: 2026-05-11T17:32:11.270

Link: CVE-2026-43105

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43105 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T18:45:25Z

Weaknesses