Description
In the Linux kernel, the following vulnerability has been resolved:

media: cx25821: Fix a resource leak in cx25821_dev_setup()

Add release_mem_region() if ioremap() fails to release the memory
region obtained by cx25821_get_resources().
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a resource leak in the cx25821 media driver for Linux. When the ioremap() call fails, the driver does not release the memory region obtained by cx25821_get_resources(), leaving a reserved region in the kernel’s address space. Over time this can exhaust kernel memory or prevent other devices from allocating resources, which may cause system instability or crashes.

Affected Systems

All Linux kernel installations that include the cx25821 driver before the patch are impacted. No specific kernel versions are listed, so any kernel build containing this driver should be considered vulnerable until the fix is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. No public exploits have been recorded and the vulnerability is not listed in CISA KEV, but the loss of a memory region can lead to denial of service if the condition repeats. Exploitation requires an adversary to trigger the driver’s initialization routine, which is typically a local or privileged action. The EPSS score of < 1% (approximately 0.00024) indicates a very low probability of exploitation. Administrators should treat the risk as moderate and install the patched kernel promptly.

Generated by OpenCVE AI on May 11, 2026 at 23:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the cx25821 driver fix, such as the latest stable release from your distribution or a recent upstream kernel that includes the commit addressing the leak.
  • If your distribution has not yet patched the kernel, apply the upstream patch set yourself by checking out the commit shown in the references (e.g., 071bfc6e723aabbbf08f0d439fb913cd01eb8de2) and rebuilding the kernel.
  • Reboot into the patched kernel.

Advisories
Source | ID | Title
Debian DLA | DLA-4606-1 | linux security update

History

Mon, 11 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459

Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821_dev_setup() Add release_mem_region() if ioremap() fails to release the memory region obtained by cx25821_get_resources().
Title media: cx25821: Fix a resource leak in cx25821_dev_setup()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:27.248Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43183

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:36.920

Modified: 2026-05-11T20:55:02.073

Link: CVE-2026-43183

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43183 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T23:45:03Z

Weaknesses