Improper resource shutdown or release in Linux kernel - CVE-2026-43135
Published: May 7, 2026
Vulnerability identifier: #VU130609
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43135
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in snd_cx23885_hw_params() when handling error conditions during DMA buffer setup. A local user can trigger an error path to cause a denial of service.
How to mitigate CVE-2026-43135
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0b7f56084cc3d7766bf274b71cd14cc9674b76bf
- https://git.kernel.org/stable/c/141c81849fab2ad4d6e3fdaff7cbaa873e8b5eb2
- https://git.kernel.org/stable/c/505630dd1ebf4b53d3f2866c057ddd93157a24d8
- https://git.kernel.org/stable/c/544215cc37d032ccaf1919852c05e2439a4d7540
- https://git.kernel.org/stable/c/9544b73cad4ee667fed6a60f71570c58a870a735
- https://git.kernel.org/stable/c/9c0a6ff538660c36a98081916a24f08d55a91331
- https://git.kernel.org/stable/c/fc4df593a8ffded2f77d69a73ecb51d364932ca5
- https://git.kernel.org/stable/c/fda46c9025b755ea50a969b960f333be62421b71