Description
In the Linux kernel, the following vulnerability has been resolved:

media: iris: Add buffer to list only after successful allocation

Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating
internal buffers. Previously, the buffer was enqueued in `buffers->list`
before the DMA allocation. If the allocation failed, the function returned
`-ENOMEM` while leaving a partially initialized buffer in the list, which
could lead to inconsistent state and potential leaks.

By adding the buffer to the list only after `dma_alloc_attrs()` succeeds,
we ensure the list contains only valid, fully initialized buffers.
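
The ordering problem described above, modelled in user-space C as an added example (not the iris driver source or the upstream patch). `model_dma_alloc()`, `enqueue()`, the `create_buffer_*` functions and the structs are hypothetical stand-ins for `dma_alloc_attrs()`, `list_add_tail()` and the driver's internal buffer; the `free()` on the failure path is this model's own cleanup.

```c
/* User-space model of the ordering issue; not the iris driver source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct buf { struct buf *next; void *kvaddr; };      /* hypothetical buffer */
struct buf_list { struct buf *head; size_t count; }; /* hypothetical list */
static int fail_alloc;  /* constructed knob: force the allocation to fail */
/* Stand-in for dma_alloc_attrs(): returns NULL on failure. */
static void *model_dma_alloc(size_t size) { return fail_alloc ? NULL : malloc(size); }
static void enqueue(struct buf_list *l, struct buf *b) { b->next = l->head; l->head = b; l->count++; }

/* Ordering described as the bug: enqueue first, allocate second. */
static int create_buffer_before(struct buf_list *l, size_t size)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b)
        return -ENOMEM;
    enqueue(l, b);                   /* already visible to list walkers */
    b->kvaddr = model_dma_alloc(size);
    return b->kvaddr ? 0 : -ENOMEM;  /* on failure b stays queued, kvaddr NULL */
}

/* Ordering after the fix: only a fully initialized buffer is enqueued. */
static int create_buffer_after(struct buf_list *l, size_t size)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b)
        return -ENOMEM;
    b->kvaddr = model_dma_alloc(size);
    if (!b->kvaddr) { free(b); return -ENOMEM; }  /* free() is this model's cleanup */
    enqueue(l, b);
    return 0;
}

/* Number of queued entries that have no backing memory. */
static size_t count_invalid(const struct buf_list *l)
{
    size_t n = 0;
    for (const struct buf *b = l->head; b; b = b->next) n += (b->kvaddr == NULL);
    return n;
}

int main(void)
{
    struct buf_list pre = {0}, post = {0};
    fail_alloc = 1;  /* simulate the allocation failure path */
    create_buffer_before(&pre, 4096); create_buffer_after(&post, 4096);
    printf("before: %zu invalid, after: %zu invalid\n", count_invalid(&pre), count_invalid(&post));
    return 0;
}
```
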
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s media subsystem causes a partially initialized buffer to be inserted into a kernel list whenever a DMA allocation fails. The buffer remains in the list despite the failure code, creating an inconsistent kernel state. If later code attempts to use this buffer, a null or invalid memory dereference can trigger a kernel crash or memory corruption, potentially leading to a denial of service.

Affected Systems

Any system running a Linux kernel that includes the affected media: iris code path is susceptible. No specific affected kernel version is identified, so all current releases that have not applied the change are impacted.

Risk and Exploitability

No publicly available EPSS or CVSS score is listed, and the vulnerability is not in the CISA KEV catalog. Attackers would need local or privileged access to trigger the specific DRM or media path that causes a DMA allocation failure. Because the flaw requires kernel-level code execution to reach the vulnerable code, it is not remotely exploitable and its risk in the wild is low, though a successful trigger can cause a kernel panic. Updating the kernel is the recommended mitigation.

Generated by OpenCVE AI on May 6, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel update that includes the fix, which moves the list addition after `dma_alloc_attrs()` succeeds.
  • If using a custom kernel build, manually apply the patch to adjust the `list_add_tail()` placement and rebuild the kernel.
  • Reboot the system (or reload the affected module) to load the updated kernel and verify that the media subsystem no longer triggers DMA allocation failures.


Advisories

No advisories yet.

History

Wed, 06 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating internal buffers. Previously, the buffer was enqueued in `buffers->list` before the DMA allocation. If the allocation failed, the function returned `-ENOMEM` while leaving a partially initialized buffer in the list, which could lead to inconsistent state and potential leaks. By adding the buffer to the list only after `dma_alloc_attrs()` succeeds, we ensure the list contains only valid, fully initialized buffers.
Title media: iris: Add buffer to list only after successful allocation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:29.562Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43146

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:32.127

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43146

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:00:11Z

Weaknesses