CVE-2026-43105

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix memory leak of BO array in hang state

The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the missing kfree() for the BO array before freeing the hang state struct.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < 7235fc096ece53211bd2c0e958c65f9b802aeb98affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < 686bb2fce082f043db50db02b5de5c64ca4dc4c4affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < 9c092941fc1d00933bcb46ecac1cb930db3abf5daffected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < a812008fe3a0aebb778d277b35717f64e23d0302affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < 0d3c014a84396a147705f523a8fd6fc873e76502affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < 421cea4f71f7cf65abaae878562ee4aa2b684628affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < b8138567c4a80fd76a647849ebd4284996cf4b17affected
LinuxLinux214613656b5179f0daab6e0a080814b5100d45f0 < f4dfd6847b3e5d24e336bca6057485116d17aea4affected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.136 <= 6.6.*unaffected
LinuxLinux6.12.83 <= 6.12.*unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References