CVE-2026-43162

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: tegra-video: Fix memory leak in __tegra_channel_try_format()

The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed.

In __tegra_channel_try_format(), two error paths return directly after v4l2_subdev_call() fails, without freeing the allocated 'sd_state' object. This violates the requirement and causes a memory leak.

Fix this by introducing a cleanup label and using goto statements in the error paths to ensure that __v4l2_subdev_state_free() is always called before the function returns.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < 6c6f419fa9c44a4b7149b0292e01bff47308ba14affected
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < ca921be7a1174d5d58b28f84b683c2c0079f18c5affected
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < 3ca2f09061736e72ef25eec2597d00f7f44094d3affected
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < 2dff8966a3a889dd9d248a7e15d963b4097efcc5affected
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5aaffected
LinuxLinux1ebaeb09830f36c1111b72a95420814225bd761c < 43e5302d22334f1183dec3e0d5d8007eefe2817caffected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.77 <= 6.12.*unaffected
LinuxLinux6.18.17 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References