Improper resource shutdown or release in Linux kernel - CVE-2026-43257
Published: May 7, 2026
Vulnerability identifier: #VU130459
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43257
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in snd_cx88_hw_params() when handling hardware parameter setup error paths. A local user can trigger an error condition to cause a denial of service.
How to mitigate CVE-2026-43257
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/10ab64f8efc2f479293dce929fde326c285fc96f
- https://git.kernel.org/stable/c/1ce8c2a8f050a23240553c8bae628ac623f9dbc1
- https://git.kernel.org/stable/c/24f3dabeb97bd0bec8c1c926c97e3eb6a8129225
- https://git.kernel.org/stable/c/3baefeeb7b85e1e34eebef399ffa312be7179e30
- https://git.kernel.org/stable/c/dbc527d980f7ba8559de38f8c1e4158c71a78915
- https://git.kernel.org/stable/c/dc911fccc6e08ef46a66b2a42a764252b001ee3c
- https://git.kernel.org/stable/c/e3fb15aadfc8643203bbdf97ace0396e4586fa64
- https://git.kernel.org/stable/c/f0d7f735eba963742009b0706e19dd0bed91537a