Description
In the Linux kernel, the following vulnerability has been resolved:

media: tegra-video: Fix memory leak in __tegra_channel_try_format()

The state object allocated by __v4l2_subdev_state_alloc() must be freed
with __v4l2_subdev_state_free() when it is no longer needed.

In __tegra_channel_try_format(), two error paths return directly after
v4l2_subdev_call() fails, without freeing the allocated 'sd_state'
object. This violates the requirement and causes a memory leak.

Fix this by introducing a cleanup label and using goto statements in the
error paths to ensure that __v4l2_subdev_state_free() is always called
before the function returns.
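
The following is an added illustration, not the kernel patch (which this page does not reproduce): a userspace C model of the two leaking error paths and the cleanup-label fix described above. `state_alloc()`, `state_free()`, `subdev_call()` and the `try_format_*` functions are hypothetical stand-ins for the kernel functions, and a counter tracks state objects that were allocated but never freed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the alloc/free/call API in the description. */
struct sd_state { int unused; };
static int live_states, call_no, fail_at;
static struct sd_state *state_alloc(void) {
	struct sd_state *s = calloc(1, sizeof(*s));
	live_states += (s != NULL);	/* count objects not yet freed */
	return s;
}
static void state_free(struct sd_state *s) { free(s); live_states--; }
static int subdev_call(struct sd_state *s) { (void)s; return ++call_no == fail_at ? -EINVAL : 0; }

/* Before: both error paths return directly, so 'st' is never freed. */
static int try_format_leaky(void) {
	struct sd_state *st = state_alloc();
	int ret;
	if (!st) return -ENOMEM;
	ret = subdev_call(st);
	if (ret < 0) return ret;	/* first leaking error path */
	ret = subdev_call(st);
	if (ret < 0) return ret;	/* second leaking error path */
	state_free(st);
	return 0;
}
/* After: every path past the allocation leaves through the cleanup label. */
static int try_format_fixed(void) {
	struct sd_state *st = state_alloc();
	int ret;
	if (!st) return -ENOMEM;
	ret = subdev_call(st);
	if (ret < 0) goto out_free;
	ret = subdev_call(st);
out_free:
	state_free(st);
	return ret;
}
/* Run fn with the fail-th subdev call failing (0 = none); return unfreed states. */
static int leaked_after(int (*fn)(void), int fail) {
	live_states = call_no = 0;
	fail_at = fail;
	fn();
	return live_states;
}
int main(void) {
	printf("leaky: %d unfreed, ", leaked_after(try_format_leaky, 1));
	printf("fixed: %d unfreed\n", leaked_after(try_format_fixed, 1));
	return 0;
}
```

In this model each failed call through the leaky variant strands one object, which is why repeated triggering of the error path grows memory use without bound.
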
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak exists in Linux's Tegra video driver function __tegra_channel_try_format(). The bug occurs when v4l2_subdev_call() fails and the allocated state object is not freed, violating cleanup requirements and consuming kernel memory over time. This flaw falls under CWE-772 (Improper Resource Shutdown or Release) and CWE-401 (Memory Leak). The leak can lead to gradual system slowdown or a full denial of service, but does not provide direct code execution or privilege escalation.

Affected Systems

Linux systems that use the Tegra video subsystem and include the legacy __tegra_channel_try_format() implementation are affected. Any kernel version prior to the commit that introduced the cleanup label and proper deallocation is vulnerable. Devices employing Tegra hardware or applications that load the Tegra video driver are at risk.

Risk and Exploitability

The vulnerability can be exploited through local interaction with an application or service that triggers __tegra_channel_try_format(). The CVE description does not specify required privilege levels; it is inferred that an attacker would need at least local access to invoke the vulnerable path, though the exact access requirement is not clarified. The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a very low exploitation probability. The issue is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 13, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update your Linux kernel to a version that includes the patch fixing the memory leak in the Tegra video driver
  • Reboot the system to ensure the new kernel is loaded and the vulnerable code is replaced
  • If the Tegra driver is not required for your workload, unload or disable the driver to prevent the leak from occurring


Advisories

No advisories yet.

History

Wed, 13 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 06:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754

Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in __tegra_channel_try_format() The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed. In __tegra_channel_try_format(), two error paths return directly after v4l2_subdev_call() fails, without freeing the allocated 'sd_state' object. This violates the requirement and causes a memory leak. Fix this by introducing a cleanup label and using goto statements in the error paths to ensure that __v4l2_subdev_state_free() is always called before the function returns.
Title media: tegra-video: Fix memory leak in __tegra_channel_try_format()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:57.725Z

Reserved: 2026-05-01T14:12:55.990Z

Link: CVE-2026-43162

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:34.280

Modified: 2026-05-13T21:19:56.020

Link: CVE-2026-43162

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43162 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T22:45:06Z

Weaknesses