CVE-2026-43135 - Vulnerability Details

- media: cx23885: Add missing unmap in snd_cx23885_hw_params()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: cx23885: Add missing unmap in snd_cx23885_hw_params()

In error path, add cx23885_alsa_dma_unmap() to release the
resource acquired by cx23885_alsa_dma_map().

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel driver for CX23885 audio hardware contains a flaw where an error path fails to call cx23885_alsa_dma_unmap(), leaving a DMA mapping unreleased. This leads to a resource leak; subsequent attempts to map or use the device may fail, potentially corrupting memory or exhausting kernel address space. The impact is that an attacker who can control the driver’s initialization or can trigger repeated failures could cause the system to become unstable or crash, affecting availability.

Affected Systems

All Linux kernel installations that include the media driver cx23885, regardless of vendor. Any system running an older kernel that uses the cx23885 module is potentially affected; the problem does not appear to affect other drivers.

Risk and Exploitability

This flaw involves the missing release of a DMA mapping, corresponding to CWE-772, a missing delete or release resource weakness. No public exploit has been reported and the vulnerability is not listed in CISA’s KEV catalog. The EPSS score of 0.00032, indicating a very low exploitation probability, suggests the risk of exploitation is unlikely but not impossible. Because the flaw can lead to system instability or denial of service, it should be treated with caution. The CVSS score of 5.5 indicates a medium risk level. The impact depends on whether the affected device is actively used; a server without CX23885 hardware is not impacted even if the driver remains compiled.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< fda46c9025b755ea50a969b960f333be62421b71
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 0b7f56084cc3d7766bf274b71cd14cc9674b76bf
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 505630dd1ebf4b53d3f2866c057ddd93157a24d8
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 544215cc37d032ccaf1919852c05e2439a4d7540
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 9c0a6ff538660c36a98081916a24f08d55a91331
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 9544b73cad4ee667fed6a60f71570c58a870a735
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< fc4df593a8ffded2f77d69a73ecb51d364932ca5
`9529a4b0cf49163e489446ec159a2dfb64f78df8`	affected	< 141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2

Linux

affected

Version	Status	Constraints
`3.18`	affected	—
`0`	unaffected	< 3.18
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,fda46c9025b755ea50a969b960f333be62421b71)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,0b7f56084cc3d7766bf274b71cd14cc9674b76bf)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,505630dd1ebf4b53d3f2866c057ddd93157a24d8)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,544215cc37d032ccaf1919852c05e2439a4d7540)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,9c0a6ff538660c36a98081916a24f08d55a91331)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,9544b73cad4ee667fed6a60f71570c58a870a735)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,fc4df593a8ffded2f77d69a73ecb51d364932ca5)`	affected	code_commit	—
`[9529a4b0cf49163e489446ec159a2dfb64f78df8,141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.18`	affected	semver	—
`[0,3.18)`	unaffected	semver	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel patch that implements the missing unmap in snd_cx23885_hw_params(); the patch is available in kernel revisions after commit 0b7f5608.
If an update cannot be applied immediately, disable the cx23885 device in the kernel configuration, or unload the module to prevent its usage until the fix is applied.
Monitor system logs (dmesg, /var/log/kern.log) for DMA mapping or resource allocation errors, and set alerts for any kernel panics or repeated allocation failures.

Generated by OpenCVE AI on May 12, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0b7f56084cc3d7766bf274b71cd14cc9674b76bf
https://git.kernel.org/stable/c/141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2
https://git.kernel.org/stable/c/505630dd1ebf4b53d3f2866c057ddd93157a24d8
https://git.kernel.org/stable/c/544215cc37d032ccaf1919852c05e2439a4d7540
https://git.kernel.org/stable/c/9544b73cad4ee667fed6a60f71570c58a870a735
https://git.kernel.org/stable/c/9c0a6ff538660c36a98081916a24f08d55a91331
https://git.kernel.org/stable/c/fc4df593a8ffded2f77d69a73ecb51d364932ca5
https://git.kernel.org/stable/c/fda46c9025b755ea50a969b960f333be62421b71
https://lore.kernel.org/linux-cve-announce/2026050623-CVE-2026-43135-df5a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43135
https://www.cve.org/CVERecord?id=CVE-2026-43135

History

Tue, 12 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Thu, 07 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050623-CVE-2026-43135-df5a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43135 https://www.cve.org/CVERecord?id=CVE-2026-43135
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params() In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map().
Title		media: cx23885: Add missing unmap in snd_cx23885_hw_params()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0b7f56084cc3d7766bf274b71cd14cc9674b76bf https://git.kernel.org/stable/c/141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2 https://git.kernel.org/stable/c/505630dd1ebf4b53d3f2866c057ddd93157a24d8 https://git.kernel.org/stable/c/544215cc37d032ccaf1919852c05e2439a4d7540 https://git.kernel.org/stable/c/9544b73cad4ee667fed6a60f71570c58a870a735 https://git.kernel.org/stable/c/9c0a6ff538660c36a98081916a24f08d55a91331 https://git.kernel.org/stable/c/fc4df593a8ffded2f77d69a73ecb51d364932ca5 https://git.kernel.org/stable/c/fda46c9025b755ea50a969b960f333be62421b71

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:22.226Z

Updated: 2026-05-11T22:18:26.070Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43135

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:30.747

Modified: 2026-05-12T21:11:19.143

Link: CVE-2026-43135

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43135 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object