Description
In the Linux kernel, the following vulnerability has been resolved:

media: i2c/tw9903: Fix potential memory leak in tw9903_probe()

In one of the error paths in tw9903_probe(), the memory allocated in
v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that
by calling v4l2_ctrl_handler_free() on the handler in that error path.
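
The leak described above, modeled in userspace C as an added example (not the kernel driver's code or the upstream patch). The model_* functions are hypothetical stand-ins that only track allocations, and the failing setup step and its -ENODEV return are assumptions, since the description does not say which error path was affected.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins for the V4L2 calls named in the description; they
 * only track allocations and are not the kernel API. */
struct model_handler { void *buckets; void *ctrl[4]; int n; int error; };
static int live_allocs; /* allocations not yet freed */

static void model_handler_init(struct model_handler *h) {
    h->n = h->error = 0;
    h->buckets = malloc(64);
    if (h->buckets) live_allocs++; else h->error = -ENOMEM;
}

static void model_new_std(struct model_handler *h) {
    void *c = (h->error || h->n == 4) ? NULL : malloc(32);
    if (!c) { if (!h->error) h->error = -ENOMEM; return; }
    h->ctrl[h->n++] = c;
    live_allocs++;
}

static void model_handler_free(struct model_handler *h) {
    while (h->n > 0) { free(h->ctrl[--h->n]); live_allocs--; }
    if (h->buckets) { free(h->buckets); h->buckets = NULL; live_allocs--; }
}

/* setup_ok == 0: a later probe step fails after the controls exist. Which
 * step fails, and -ENODEV, are assumptions; the page names neither. */
static int model_probe(struct model_handler *h, int setup_ok, int fixed) {
    model_handler_init(h);
    model_new_std(h);
    model_new_std(h);
    if (h->error) { model_handler_free(h); return h->error; }
    if (!setup_ok && fixed) model_handler_free(h); /* call the fix adds */
    return setup_ok ? 0 : -ENODEV; /* on success, freed later at remove */
}

/* Allocations still outstanding after n failed probe attempts. */
static int leaked_after(int n, int fixed) {
    struct model_handler h;
    for (live_allocs = 0; n > 0; n--) model_probe(&h, 0, fixed);
    return live_allocs;
}

int main(void) {
    printf("unfixed: %d  fixed: %d\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

Without the added free, every failed probe leaves the handler's allocations outstanding, so the total grows with each retry; with it, the failure path returns with nothing held.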
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the Linux kernel's tw9903 I2C media driver during the probe routine. When the affected error path is taken, the control handler set up by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not released, so each failed probe leaks that allocation; repeated failures can drain kernel memory and potentially lead to a panic or a denial-of-service condition. The vulnerability does not grant code execution or privilege escalation.

Affected Systems

The issue affects Linux kernel builds that ship the tw9903 driver and have not applied the commit that added v4l2_ctrl_handler_free to the error path. The vendor is the Linux kernel project; the fix is present in any mainline or stable kernel released after the changes referenced in the commit history. Older kernels without the commit remain vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog, and no public exploit is available. An attacker would need to trigger the probe error, which likely requires interaction with the tw9903 hardware or manipulating the module load sequence. As a result, the risk is limited to resource exhaustion and service interruption rather than active compromise.

Generated by OpenCVE AI on May 11, 2026 at 23:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the tw9903 probe memory‑leak fix.
  • If an upgrade cannot be performed immediately, disable the tw9903 I2C media driver or block access to the device to stop the error path from executing.
  • Verify that any existing modules correctly free their control handlers during unload or error handling to avoid lingering allocations.

Advisories
Source: Debian DLA
ID: DLA-4606-1
Title: linux security update

History

Mon, 11 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903_probe() In one of the error paths in tw9903_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that by calling v4l2_ctrl_handler_free() on the handler in that error path.
Title media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:17.331Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43218

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:41.413

Modified: 2026-05-11T19:27:37.530

Link: CVE-2026-43218

Redhat

Severity :

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43218 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T23:15:09Z

Weaknesses