CVE-2026-43246 - Vulnerability Details

- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: i2c/tw9906: Fix potential memory leak in tw9906_probe()

In one of the error paths in tw9906_probe(), the memory allocated in
v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that
by calling v4l2_ctrl_handler_free() on the handler in that error path.

Published: 2026-05-06

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel media driver for the TW9906 I2C device contains a memory leak introduced during error handling in the probe function. Memory allocated via v4l2_ctrl_handler_init and v4l2_ctrl_new_std is not freed in an error path, allowing an attacker to gradually consume system memory, potentially leading to denial of service or system instability. This weakness corresponds to CWE-401.

Affected Systems

The flaw resides in the Linux kernel, specifically in the tw9906 driver within the media subsystem. The affected kernel versions are not explicitly specified, so any kernel release that includes this driver prior to the commit that fixes the leak is vulnerable. Systems running a Linux kernel version that still contains the problematic tw9906_probe implementation without the v4l2_ctrl_handler_free call are impacted.

Risk and Exploitability

No EPSS is available and the vulnerability is not listed in the CISA KEV catalog, so it is not known to be actively exploited today. The absence of a publicly known CVSS score suggests moderate risk; the memory leak could be exploited by a local attacker with sufficient privileges or by an attacker who can force the kernel to load the TW9906 driver, such as through a malicious I2C device. The actual impact requires sustained conditions and is less likely to be a high‑impact vector, but provisioning for an eventual denial of service is prudent.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< e9a490937942f18205dac7b6b192975ef1369ae1
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< 9548a8bbf511a252a9848f96220c6b95c9a3b918
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< 0c33338514d8246280533a77091e6b6ee548c606
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< ccb92def042a3636ed47f25a30bd553788e5191e
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< fb09d8b80046216646f1a344410cfa9cfa6c6c7c
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< 377a7756914364d72550fc86ca0f404ef1d96141
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< 59420d5d9c46b084e21f9ea6ce79fc79ae9e414c
`a000e9a02b5885b1b69f691c80e346d102f94a88`	affected	< cad237b6c875fbee5d353a2b289e98d240d17ec8

Linux

affected

Version	Status	Constraints
`3.10`	affected	—
`0`	unaffected	< 3.10
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[a000e9a02b5885b1b69f691c80e346d102f94a88,e9a490937942f18205dac7b6b192975ef1369ae1)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,9548a8bbf511a252a9848f96220c6b95c9a3b918)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,0c33338514d8246280533a77091e6b6ee548c606)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,377a7756914364d72550fc86ca0f404ef1d96141)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,59420d5d9c46b084e21f9ea6ce79fc79ae9e414c)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,cad237b6c875fbee5d353a2b289e98d240d17ec8)`	affected	code_commit	['*']
`[a000e9a02b5885b1b69f691c80e346d102f94a88,fb09d8b80046216646f1a344410cfa9cfa6c6c7c)`	affected	code_commit	['*']

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.10`	affected	semver	['*']
`[0,3.10)`	unaffected	semver	['*']
`[5.10.252,5.11.0)`	unaffected	semver	['*']
`[5.15.202,5.16.0)`	unaffected	semver	['*']
`[6.1.165,6.2.0)`	unaffected	semver	['*']
`[6.6.128,6.7.0)`	unaffected	semver	['*']
`[6.12.75,6.13.0)`	unaffected	semver	['*']
`[6.18.16,6.19.0)`	unaffected	semver	['*']
`[6.19.6,6.20.0)`	unaffected	semver	['*']
`[7.0,*]`	unaffected	generic	['*']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the tw9906 probe fix from the 0c333385 commit
If the driver is not required, disable or blacklist the i2c/tw9906 module by adjusting the kernel configuration or adding the module to a blacklist
Monitor system memory usage for abnormal spikes and enforce strict access controls on I2C device nodes to limit local attacker privileges

Generated by OpenCVE AI on May 6, 2026 at 14:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0c33338514d8246280533a77091e6b6ee548c606
https://git.kernel.org/stable/c/377a7756914364d72550fc86ca0f404ef1d96141
https://git.kernel.org/stable/c/59420d5d9c46b084e21f9ea6ce79fc79ae9e414c
https://git.kernel.org/stable/c/9548a8bbf511a252a9848f96220c6b95c9a3b918
https://git.kernel.org/stable/c/cad237b6c875fbee5d353a2b289e98d240d17ec8
https://git.kernel.org/stable/c/ccb92def042a3636ed47f25a30bd553788e5191e
https://git.kernel.org/stable/c/e9a490937942f18205dac7b6b192975ef1369ae1
https://git.kernel.org/stable/c/fb09d8b80046216646f1a344410cfa9cfa6c6c7c

History

Wed, 06 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906_probe() In one of the error paths in tw9906_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that by calling v4l2_ctrl_handler_free() on the handler in that error path.
Title		media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c33338514d8246280533a77091e6b6ee548c606 https://git.kernel.org/stable/c/377a7756914364d72550fc86ca0f404ef1d96141 https://git.kernel.org/stable/c/59420d5d9c46b084e21f9ea6ce79fc79ae9e414c https://git.kernel.org/stable/c/9548a8bbf511a252a9848f96220c6b95c9a3b918 https://git.kernel.org/stable/c/cad237b6c875fbee5d353a2b289e98d240d17ec8 https://git.kernel.org/stable/c/ccb92def042a3636ed47f25a30bd553788e5191e https://git.kernel.org/stable/c/e9a490937942f18205dac7b6b192975ef1369ae1 https://git.kernel.org/stable/c/fb09d8b80046216646f1a344410cfa9cfa6c6c7c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:38.246Z

Updated: 2026-05-06T11:28:38.246Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43246

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:45.103

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43246

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:15:09Z

Weaknesses

CWE-401

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object