CVE-2026-43155 - Vulnerability Details

- mux: mmio: fix regmap leak on probe failure

Description

In the Linux kernel, the following vulnerability has been resolved:

mux: mmio: fix regmap leak on probe failure

The mmio regmap that may be allocated during probe is never freed.

Switch to using the device managed allocator so that the regmap is
released on probe failures (e.g. probe deferral) and on driver unbind.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a kernel regmap leak that occurs when a device driver’s probe fails or is deferred. Allocated regmap resources are not freed, which can cause kernel memory exhaustion over time. The primary impact is resource exhaustion that can degrade system performance or cause out‑of‑memory conditions, potentially leading to denial of service for the affected system.

Affected Systems

All Linux kernel builds are potentially affected, as the issue is located in the generic mmio regmap infrastructure used by mux drivers. No specific kernel release or version is listed, so any kernel configuration that includes this driver may be vulnerable.

Risk and Exploitability

The CVSS and EPSS scores are not published, and the vulnerability is not listed in CISA’s KEV catalog. Because the defect occurs inside the kernel during driver probe, it requires privileged kernel execution to trigger and is unlikely to be exploitable from user space. The risk is therefore limited to scenarios where an attacker can influence device loading or driver failure conditions, allowing potential memory exhaustion over time and a low‑to‑moderate likelihood of successful exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`61de83fd8256e185588670d3cf0bccc3e913819c`	affected	< 76096f156fe9dc9fbd6e4618088706e91b9b0a6c
`61de83fd8256e185588670d3cf0bccc3e913819c`	affected	< cbde3c109d52564ae2c12e514c33c44345e84b2c
`61de83fd8256e185588670d3cf0bccc3e913819c`	affected	< 3c4ae63073d84abee5d81ce46d86a94e9dae9c89

Linux

affected

Version	Status	Constraints
`6.16`	affected	—
`0`	unaffected	< 6.16
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[61de83fd8256e185588670d3cf0bccc3e913819c,76096f156fe9dc9fbd6e4618088706e91b9b0a6c)`	affected	code_commit	—
`[61de83fd8256e185588670d3cf0bccc3e913819c,cbde3c109d52564ae2c12e514c33c44345e84b2c)`	affected	code_commit	—
`[61de83fd8256e185588670d3cf0bccc3e913819c,3c4ae63073d84abee5d81ce46d86a94e9dae9c89)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.16`	affected	semver	—
`[0,6.16)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that incorporates the fix which switches to the device managed allocator for regmap allocation.
If an official kernel update is not yet available for your platform, manually apply the patches from commits c4c... through cbde... to the kernel source tree to enforce regmap cleanup on probe failure.
After applying the fix, monitor kernel memory usage for the mux driver to confirm that regmap resources are released during failures or on driver unbind.

Generated by OpenCVE AI on May 6, 2026 at 14:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3c4ae63073d84abee5d81ce46d86a94e9dae9c89
https://git.kernel.org/stable/c/76096f156fe9dc9fbd6e4618088706e91b9b0a6c
https://git.kernel.org/stable/c/cbde3c109d52564ae2c12e514c33c44345e84b2c

History

Wed, 06 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400 CWE-590

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures (e.g. probe deferral) and on driver unbind.
Title		mux: mmio: fix regmap leak on probe failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3c4ae63073d84abee5d81ce46d86a94e9dae9c89 https://git.kernel.org/stable/c/76096f156fe9dc9fbd6e4618088706e91b9b0a6c https://git.kernel.org/stable/c/cbde3c109d52564ae2c12e514c33c44345e84b2c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:35.800Z

Updated: 2026-05-06T11:27:35.800Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43155

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:33.310

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43155

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T15:15:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object