CVE-2026-43397
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/05/2026
Last modified:
21/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/bridge: samsung-dsim: Fix memory leak in error path<br />
<br />
In samsung_dsim_host_attach(), drm_bridge_add() is called to add the<br />
bridge. However, if samsung_dsim_register_te_irq() or<br />
pdata->host_ops->attach() fails afterwards, the function returns<br />
without removing the bridge, causing a memory leak.<br />
<br />
Fix this by adding proper error handling with goto labels to ensure<br />
drm_bridge_remove() is called in all error paths. Also ensure that<br />
samsung_dsim_unregister_te_irq() is called if the attach operation<br />
fails after the TE IRQ has been registered.<br />
<br />
samsung_dsim_unregister_te_irq() function is moved without changes<br />
to be before samsung_dsim_host_attach() to avoid forward declaration.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4 (including) | 6.6.130 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.78 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0b07f7d2c5a4078c2f1c11bb36685084fe4e5c95
- https://git.kernel.org/stable/c/803ec1faf7c1823e6e3b1f2aaa81be18528c9436
- https://git.kernel.org/stable/c/98310fe3a2a79671b739a5344c1a11d74c503e25
- https://git.kernel.org/stable/c/a40b92fb4b26d4cb1b5e439e55a56db7e79a82d1
- https://git.kernel.org/stable/c/e6d779654cda63d632bd8dfcdcabd125057e30a5