CVE-2026-43183 - Vulnerability Details

- media: cx25821: Fix a resource leak in cx25821_dev_setup()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: cx25821: Fix a resource leak in cx25821_dev_setup()

Add release_mem_region() if ioremap() fails to release the memory
region obtained by cx25821_get_resources().

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a resource leak in the cx25821 media driver for Linux. When the ioremap() call fails, the driver does not release the memory region obtained by cx25821_get_resources(), leaving a reserved region in the kernel’s address space. Over time this can exhaust kernel memory or prevent other devices from allocating resources, which may cause system instability or crashes.

Affected Systems

All Linux kernel installations that include the cx25821 driver before the patch are impacted. No specific kernel versions are listed, so any kernel build containing this driver should be considered vulnerable until the fix is applied.

Risk and Exploitability

No public exploits have been recorded and the vulnerability is not listed in CISA KEV, but the loss of a memory region can lead to denial of service if the condition repeats. Exploitation requires an adversary to trigger the driver’s initialization routine, which is typically a local or privileged action. The EPSS is not available, suggesting limited known exploitation activity. Administrators should treat the risk as moderate and install the patched kernel promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9f1c926248bde95a77ca104ab525467470607836
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 071bfc6e723aabbbf08f0d439fb913cd01eb8de2
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f7759eb6738ee9fc296f6ab1705c6809947976f3
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 4010e596d23cda6de65acb14f7fd4ce8289f1d49
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< e220ec4c4596d634685b8a08d79ad876a720b466
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b7210170b10e2d17f7a4f6b9d39cc092442db860
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 80ce3797dc99dae4ce8b939626b891c9eb85139f
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 68cd8ac994cac38a305200f638b30e13c690753b

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9f1c926248bde95a77ca104ab525467470607836)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,071bfc6e723aabbbf08f0d439fb913cd01eb8de2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f7759eb6738ee9fc296f6ab1705c6809947976f3)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,4010e596d23cda6de65acb14f7fd4ce8289f1d49)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e220ec4c4596d634685b8a08d79ad876a720b466)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b7210170b10e2d17f7a4f6b9d39cc092442db860)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,80ce3797dc99dae4ce8b939626b891c9eb85139f)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,68cd8ac994cac38a305200f638b30e13c690753b)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that contains the cx25821 driver fix, such as the latest stable release from your distribution or a recent upstream kernel that includes the commit addressing the leak.
If your distribution has not yet patched the kernel, apply the upstream patch set yourself by checking out the commit shown in the references (e.g., 071bfc6e723aabbbf08f0d439fb913cd01eb8de2) and rebuilding the kernel.
After updating, reboot into the patched kernel and verify that the cx25821 driver initializes without failing ioremap() and that the memory region is properly released.

Generated by OpenCVE AI on May 6, 2026 at 14:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/071bfc6e723aabbbf08f0d439fb913cd01eb8de2
https://git.kernel.org/stable/c/4010e596d23cda6de65acb14f7fd4ce8289f1d49
https://git.kernel.org/stable/c/68cd8ac994cac38a305200f638b30e13c690753b
https://git.kernel.org/stable/c/80ce3797dc99dae4ce8b939626b891c9eb85139f
https://git.kernel.org/stable/c/9f1c926248bde95a77ca104ab525467470607836
https://git.kernel.org/stable/c/b7210170b10e2d17f7a4f6b9d39cc092442db860
https://git.kernel.org/stable/c/e220ec4c4596d634685b8a08d79ad876a720b466
https://git.kernel.org/stable/c/f7759eb6738ee9fc296f6ab1705c6809947976f3

History

Wed, 06 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-459

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821_dev_setup() Add release_mem_region() if ioremap() fails to release the memory region obtained by cx25821_get_resources().
Title		media: cx25821: Fix a resource leak in cx25821_dev_setup()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/071bfc6e723aabbbf08f0d439fb913cd01eb8de2 https://git.kernel.org/stable/c/4010e596d23cda6de65acb14f7fd4ce8289f1d49 https://git.kernel.org/stable/c/68cd8ac994cac38a305200f638b30e13c690753b https://git.kernel.org/stable/c/80ce3797dc99dae4ce8b939626b891c9eb85139f https://git.kernel.org/stable/c/9f1c926248bde95a77ca104ab525467470607836 https://git.kernel.org/stable/c/b7210170b10e2d17f7a4f6b9d39cc092442db860 https://git.kernel.org/stable/c/e220ec4c4596d634685b8a08d79ad876a720b466 https://git.kernel.org/stable/c/f7759eb6738ee9fc296f6ab1705c6809947976f3

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:54.977Z

Updated: 2026-05-06T11:27:54.977Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43183

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:36.920

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43183

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:15:09Z

Weaknesses

CWE-459

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object