CVE-2026-43270 - Vulnerability Details

- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()

Description

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()

In mtk_mdp_probe(), vpu_get_plat_device() increases the reference
count of the returned platform device. Add platform_device_put()
to prevent reference leak.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is a reference‑count leak in the Linux kernel media driver for MediaTek chipset (mtk-mdp). During device probing, the driver obtains a reference to a platform device but never releases it when the device is removed. This results in a gradual increase in kernel memory usage; repeated probe and removal sequences can exhaust available memory or destabilize the kernel, potentially leading to a denial of service. The weakness is classified as a double reference count issue (CWE‑911). The vulnerability does not provide direct code execution or privilege escalation.

Affected Systems

The vulnerability affects any Linux system that includes the generic Linux kernel with the mtk-mdp media driver enabled. Because no specific kernel version range was provided, all kernel builds prior to the patch that fixes the mtk_mdp_remove reference‑count bug may be impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and combined with the EPSS score of less than 1%, the likelihood of exploitation remains low. The vulnerability is not listed in CISA’s KEV catalog, indicating it has not yet been widely exploited. Based on the description, it is inferred that the attack vector requires local or kernel‑level interaction to trigger repeated probe and removal cycles, which makes the risk low to moderate for non‑privileged users. Immediate remediation by updating the kernel mitigates the potential for memory exhaustion and system instability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 403b7c757ac9f6b2ffb7d00ff4795a245f5e8911
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< dd530e29bd514d7187b3e2df8eb2107419c7988f
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< c44beed2e5caf2cbbe651432baa3a129f18b0169
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 4f2a51433a3a65d16975d1e32052d80656da077d
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< a62ba5aa9ee95fd953583e95e519badf0b76ecf3
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 2d93758f42a57f3485534eab858b308e41653de4
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< f128bab57b8018e526b7eda854ca20069863af47

Linux

affected

Version	Status	Constraints
`4.10`	affected	—
`0`	unaffected	< 4.10
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,403b7c757ac9f6b2ffb7d00ff4795a245f5e8911]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,dd530e29bd514d7187b3e2df8eb2107419c7988f]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,c44beed2e5caf2cbbe651432baa3a129f18b0169]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,4f2a51433a3a65d16975d1e32052d80656da077d]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,a62ba5aa9ee95fd953583e95e519badf0b76ecf3]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,2d93758f42a57f3485534eab858b308e41653de4]`	affected	code_commit	—
`[c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a,f128bab57b8018e526b7eda854ca20069863af47]`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.10`	affected	generic	—
`[0,4.10)`	unaffected	semver	—
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that contains the mtk_mdp_remove reference‑count fix, such as the latest stable kernel or apply the specific patch set referenced in the advisory.
If a kernel upgrade is not feasible, disable the mtk-mdp driver by blacklisting it or unloading it from running systems to prevent the reference leak from occurring.
Reboot the system or restart the kernel to ensure the driver is fully unloaded and that the vulnerable code path is no longer active.

Generated by OpenCVE AI on May 8, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2d93758f42a57f3485534eab858b308e41653de4
https://git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff4795a245f5e8911
https://git.kernel.org/stable/c/4f2a51433a3a65d16975d1e32052d80656da077d
https://git.kernel.org/stable/c/564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d
https://git.kernel.org/stable/c/a62ba5aa9ee95fd953583e95e519badf0b76ecf3
https://git.kernel.org/stable/c/c44beed2e5caf2cbbe651432baa3a129f18b0169
https://git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8eb2107419c7988f
https://git.kernel.org/stable/c/f128bab57b8018e526b7eda854ca20069863af47
https://lore.kernel.org/linux-cve-announce/2026050610-CVE-2026-43270-f9c8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43270
https://www.cve.org/CVERecord?id=CVE-2026-43270

History

Fri, 08 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-772

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026050610-CVE-2026-43270-f9c8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43270 https://www.cve.org/CVERecord?id=CVE-2026-43270

Wed, 06 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() In mtk_mdp_probe(), vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak.
Title		media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2d93758f42a57f3485534eab858b308e41653de4 https://git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff4795a245f5e8911 https://git.kernel.org/stable/c/4f2a51433a3a65d16975d1e32052d80656da077d https://git.kernel.org/stable/c/564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d https://git.kernel.org/stable/c/a62ba5aa9ee95fd953583e95e519badf0b76ecf3 https://git.kernel.org/stable/c/c44beed2e5caf2cbbe651432baa3a129f18b0169 https://git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8eb2107419c7988f https://git.kernel.org/stable/c/f128bab57b8018e526b7eda854ca20069863af47

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:54.866Z

Updated: 2026-05-11T22:21:18.648Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43270

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:48.190

Modified: 2026-05-08T20:00:20.540

Link: CVE-2026-43270

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43270 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:30:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object