CVE-2026-43146

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Add buffer to list only after successful allocation

Move list_add_tail() to after dma_alloc_attrs() succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers->list before the DMA allocation. If the allocation failed, the function returned -ENOMEM while leaving a partially initialized buffer in the list, which could lead to inconsistent state and potential leaks.

By adding the buffer to the list only after dma_alloc_attrs() succeeds, we ensure the list contains only valid, fully initialized buffers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux73702f45db81b74897b2808aaa13484826156006 < 45b30f65feeb4d5570d5337793bb0f298be813d2affected
LinuxLinux73702f45db81b74897b2808aaa13484826156006 < 98b4c4c90f1e11caecbe2093dbe3a901d338bc81affected
LinuxLinux73702f45db81b74897b2808aaa13484826156006 < 2d0bbd982dfdd67da488a772f7a8a1bdca7642bfaffected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References