CVE-2026-43397 - Vulnerability Details

- drm/bridge: samsung-dsim: Fix memory leak in error path

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: samsung-dsim: Fix memory leak in error path

In samsung_dsim_host_attach(), drm_bridge_add() is called to add the
bridge. However, if samsung_dsim_register_te_irq() or
pdata->host_ops->attach() fails afterwards, the function returns
without removing the bridge, causing a memory leak.

Fix this by adding proper error handling with goto labels to ensure
drm_bridge_remove() is called in all error paths. Also ensure that
samsung_dsim_unregister_te_irq() is called if the attach operation
fails after the TE IRQ has been registered.

samsung_dsim_unregister_te_irq() function is moved without changes
to be before samsung_dsim_host_attach() to avoid forward declaration.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel Samsung DSIM bridge driver causes a memory leak when attaching a DSIM host. After the bridge is added, the driver registers a timing‑event IRQ and then attempts a hardware attach operation. If the IRQ registration or the attach fails, the code returns without removing the bridge or unregistering the IRQ, allowing the leaked objects to accumulate. Persisting memory leaks in kernel components can deplete system memory and eventually result in denial‑of‑service or system instability.

Affected Systems

Any Linux kernel that includes the legacy Samsung DSIM bridge code and has not yet incorporated the committed patch is affected. This includes all kernel versions that ship with the drm/bridge:samsung-dsim driver present until the error‑handling fix is applied.

Risk and Exploitability

The CVSS score is not specified in the CVE data and no EPSS score is available. The vulnerability is not listed in the CISA KEV catalog. Exploitation of this flaw would most likely require local privileged access or the ability to interact with the kernel module, as the memory leak is triggered by normal operations of the DSIM bridge such as initializing or switching display modes. Remote exploitation without additional privilege escalation has not been described.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e7447128ca4a250374d6721ee98e3e3cf99551a6`	affected	< 98310fe3a2a79671b739a5344c1a11d74c503e25
`e7447128ca4a250374d6721ee98e3e3cf99551a6`	affected	< 0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95
`e7447128ca4a250374d6721ee98e3e3cf99551a6`	affected	< e6d779654cda63d632bd8dfcdcabd125057e30a5
`e7447128ca4a250374d6721ee98e3e3cf99551a6`	affected	< a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1
`e7447128ca4a250374d6721ee98e3e3cf99551a6`	affected	< 803ec1faf7c1823e6e3b1f2aaa81be18528c9436

Linux

affected

Version	Status	Constraints
`6.4`	affected	—
`0`	unaffected	< 6.4
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e7447128ca4a250374d6721ee98e3e3cf99551a6,98310fe3a2a79671b739a5344c1a11d74c503e25)`	affected	code_commit	—
`[e7447128ca4a250374d6721ee98e3e3cf99551a6,0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95)`	affected	code_commit	—
`[e7447128ca4a250374d6721ee98e3e3cf99551a6,e6d779654cda63d632bd8dfcdcabd125057e30a5)`	affected	code_commit	—
`[e7447128ca4a250374d6721ee98e3e3cf99551a6,a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1)`	affected	code_commit	—
`[e7447128ca4a250374d6721ee98e3e3cf99551a6,803ec1faf7c1823e6e3b1f2aaa81be18528c9436)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.4`	affected	semver	—
`[0,6.4)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest kernel update that contains the Samsung DSIM host attach error‑handling fix.
If a kernel update is not immediately available, temporarily disable or unload the samsung_dsim module to stop further leaks until a fixed kernel is deployed.
If neither option is possible, consider backporting the patch from the kernel source and rebuilding the kernel.

Generated by OpenCVE AI on May 9, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95
https://git.kernel.org/stable/c/803ec1faf7c1823e6e3b1f2aaa81be18528c9436
https://git.kernel.org/stable/c/98310fe3a2a79671b739a5344c1a11d74c503e25
https://git.kernel.org/stable/c/a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1
https://git.kernel.org/stable/c/e6d779654cda63d632bd8dfcdcabd125057e30a5
https://lore.kernel.org/linux-cve-announce/2026050838-CVE-2026-43397-2864@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43397
https://www.cve.org/CVERecord?id=CVE-2026-43397

History

Sat, 09 May 2026 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-390
References		https://lore.kernel.org/linux-cve-announce/2026050838-CVE-2026-43397-2864@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43397 https://www.cve.org/CVERecord?id=CVE-2026-43397

Fri, 08 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach() fails afterwards, the function returns without removing the bridge, causing a memory leak. Fix this by adding proper error handling with goto labels to ensure drm_bridge_remove() is called in all error paths. Also ensure that samsung_dsim_unregister_te_irq() is called if the attach operation fails after the TE IRQ has been registered. samsung_dsim_unregister_te_irq() function is moved without changes to be before samsung_dsim_host_attach() to avoid forward declaration.
Title		drm/bridge: samsung-dsim: Fix memory leak in error path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95 https://git.kernel.org/stable/c/803ec1faf7c1823e6e3b1f2aaa81be18528c9436 https://git.kernel.org/stable/c/98310fe3a2a79671b739a5344c1a11d74c503e25 https://git.kernel.org/stable/c/a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1 https://git.kernel.org/stable/c/e6d779654cda63d632bd8dfcdcabd125057e30a5

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:40.185Z

Updated: 2026-05-08T14:21:40.185Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43397

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:51.117

Modified: 2026-05-08T15:16:51.117

Link: CVE-2026-43397

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43397 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:30:17Z

Weaknesses

CWE-390

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object