Description
In the Linux kernel, the following vulnerability has been resolved:

drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback

After several commits, the slab memory increases. Some drm_crtc_commit
objects are not freed. The atomic_destroy_state callback only put the
framebuffer. Use the __drm_atomic_helper_plane_destroy_state() function
to put all the objects that are no longer needed.

It has been seen after hours of usage of a graphics application or using
kmemleak:

unreferenced object 0xc63a6580 (size 64):
  comm "egt_basic", pid 171, jiffies 4294940784
  hex dump (first 32 bytes):
    40 50 34 c5 01 00 00 00 ff ff ff ff 8c 65 3a c6  @P4..........e:.
    8c 65 3a c6 ff ff ff ff 98 65 3a c6 98 65 3a c6  .e:......e:..e:.
  backtrace (crc c25aa925):
    kmemleak_alloc+0x34/0x3c
    __kmalloc_cache_noprof+0x150/0x1a4
    drm_atomic_helper_setup_commit+0x1e8/0x7bc
    drm_atomic_helper_commit+0x3c/0x15c
    drm_atomic_commit+0xc0/0xf4
    drm_atomic_helper_set_config+0x84/0xb8
    drm_mode_setcrtc+0x32c/0x810
    drm_ioctl+0x20c/0x488
    sys_ioctl+0x14c/0xc20
    ret_fast_syscall+0x0/0x54
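
To check a device for this leak, a kmemleak report can be filtered for objects whose allocation backtrace passes through drm_atomic_helper_setup_commit, the frame shown in the report above. The Python below is an added example, not part of the advisory or the kernel patch; the function names and the second sample object are constructed for illustration.

```python
import re

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'comm "([^"]*)", pid (\d+)')
# Frame lines look like "func+0x34/0x3c"; older kernels prefix "[<addr>] ".
FRAME = re.compile(r"(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into one record per unreferenced object."""
    records, cur, in_trace = [], None, False
    for raw in text.splitlines():
        line = raw.strip()  # tolerate reports whose indentation was lost
        if m := HEADER.match(line):
            cur = {"addr": m.group(1), "size": int(m.group(2)), "comm": None, "frames": []}
            records.append(cur)
            in_trace = False
        elif cur is None:
            continue  # text before the first object header
        elif line.startswith("backtrace"):
            in_trace = True
        elif in_trace and (f := FRAME.match(line)):
            cur["frames"].append(f.group(1))
        elif c := COMM.search(line):
            cur["comm"] = c.group(1)
    return records

def leaks_through(records, symbol):
    """Summarise objects whose allocation backtrace passes through `symbol`."""
    hits = [r for r in records if symbol in r["frames"]]
    return {"objects": len(hits), "bytes": sum(r["size"] for r in hits),
            "comms": sorted({r["comm"] or "?" for r in hits})}

# Constructed sample: object 1 abridged from the report on this page, object 2 made up.
SAMPLE = """\
unreferenced object 0xc63a6580 (size 64):
  comm "egt_basic", pid 171, jiffies 4294940784
  backtrace (crc c25aa925):
    kmemleak_alloc+0x34/0x3c
    __kmalloc_cache_noprof+0x150/0x1a4
    drm_atomic_helper_setup_commit+0x1e8/0x7bc
unreferenced object 0xc1000000 (size 128):
  comm "example", pid 1, jiffies 4294940000
  backtrace:
    kmemleak_alloc+0x34/0x3c
    example_alloc+0x10/0x20
"""

if __name__ == "__main__":
    print(leaks_through(parse_kmemleak(SAMPLE), "drm_atomic_helper_setup_commit"))
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, the report to feed into parse_kmemleak() is read from /sys/kernel/debug/kmemleak. An object count that keeps growing between two scans while a graphics application runs matches the behaviour described above.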
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak in the atomic_destroy_state handling of the Linux kernel's drm/atmel-hlcdc driver leaves drm_crtc_commit objects allocated and never freed. As these objects accumulate over time, kernel slab memory grows until the system can run out of memory, potentially leading to an out-of-memory condition and a crash or reboot. An attacker can trigger the leak simply by running a graphics application that uses the driver, so the vulnerability can be exercised easily without advanced privileges. The impact is therefore a denial of service rather than direct code execution or data exfiltration.

Affected Systems

All Linux kernel builds that include the drm/atmel-hlcdc driver and lack the fixing commits are affected, regardless of distribution. The precise kernel versions are not enumerated in the data; any kernel containing the code before the patch will be vulnerable. The fix is contained in the referenced commit series, which adds full cleanup via __drm_atomic_helper_plane_destroy_state().

Risk and Exploitability

The CVSS score is 5.5, indicating medium severity, while the EPSS score is < 1%, reflecting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local, as the leak occurs during normal graphics application usage and can be observed with kmemleak. Any user who can run a graphics application on the system can trigger the leak, making the risk low to moderate in threat level but potentially high in impact if the system runs the offending code for an extended period. No privilege escalation or exploitation of additional weaknesses is required beyond normal user access to the driver.

Generated by OpenCVE AI on May 8, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the commits that fix the memory leak via the “__drm_atomic_helper_plane_destroy_state()” call.
  • If a kernel update is not yet available on the system, blacklist or disable the atmel-hlcdc driver so that it is not loaded and cannot leak memory.
  • Use an alternate display driver or keep graphics acceleration disabled to prevent the driver from being exercised until a fix is applied.

Advisories
Source      ID          Title
Debian DLA  DLA-4606-1  linux security update

History

Fri, 08 May 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-404

Thu, 07 May 2026 12:15:00 +0000


Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-404

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:17.527Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43269

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:48.053

Modified: 2026-05-08T19:40:49.737

Link: CVE-2026-43269

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43269 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:00:10Z

Weaknesses