CVE-2026-43146

Published: May 6, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating internal buffers. Previously, the buffer was enqueued in `buffers->list` before the DMA allocation. If the allocation failed, the function returned `-ENOMEM` while leaving a partially initialized buffer in the list, which could lead to inconsistent state and potential leaks. By adding the buffer to the list only after `dma_alloc_attrs()` succeeds, we ensure the list contains only valid, fully initialized buffers.

Vendor	Product	Versions
Linux	Linux	affected `73702f45db81b74897b2808aaa13484826156006 - < 45b30f65feeb4d5570d5337793bb0f298be813d2` affected `73702f45db81b74897b2808aaa13484826156006 - < 98b4c4c90f1e11caecbe2093dbe3a901d338bc81` affected `73702f45db81b74897b2808aaa13484826156006 - < 2d0bbd982dfdd67da488a772f7a8a1bdca7642bf`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.18.16 - <= 6.18.` unaffected `6.19.6 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/45b30f65feeb4d5570d5337793bb0f298be813d2

https://git.kernel.org/stable/c/98b4c4c90f1e11caecbe2093dbe3a901d338bc81

https://git.kernel.org/stable/c/2d0bbd982dfdd67da488a772f7a8a1bdca7642bf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43146

Description

Affected Products

References