Improper resource shutdown or release in Linux kernel - CVE-2026-43142

 


Published: May 7, 2026


Vulnerability identifier: #VU130600
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43142
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource shutdown or release in internal buffers in the iris gen1 media driver when handling firmware buffer release responses across resolution changes. A local user can trigger resolution changes to cause a denial of service.

The issue can leave stale allocations until the session is closed.


How to mitigate CVE-2026-43142

Install the security update from the vendor's repository.
