PatchSiren cyber security CVE debrief

CVE-2026-43072 Linux CVE debrief

A missing error check in the Linux kernel's DRM VC4 driver allows a negative IRQ error code from platform_get_irq_byname() to be passed directly into devm_request_threaded_irq(), leading to undefined behavior and potential local denial of service. The flaw exists because the return value was treated as valid without verifying it was non-negative. Patches are available for multiple stable kernel branches.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-05
Original CVE updated: 2026-05-29
Advisory published: 2026-05-05
Advisory updated: 2026-05-29

Who should care

Organizations running Linux systems with VideoCore 4 graphics hardware (Raspberry Pi and similar ARM-based devices using the VC4 DRM driver), embedded Linux vendors, and distribution maintainers shipping affected kernel versions.

Technical summary

In the Linux kernel's DRM VC4 (VideoCore 4) driver, the platform_get_irq_byname() function returns a signed integer that can be negative on error. The vulnerable code passed this return value directly to devm_request_threaded_irq() without validation. When platform_get_irq_byname() fails (e.g., due to missing or misconfigured device tree IRQ entries), the negative error code is interpreted as an IRQ number, causing undefined behavior during driver probe or runtime. This is a local vulnerability requiring low privileges with no user interaction, resulting in high availability impact per CVSS 3.1 scoring. The fix adds proper error checking before using the returned IRQ value.
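The pattern described above, shown as an added user-space illustration rather than the kernel's own VC4 code or the actual patch. The two kernel functions are replaced by constructed stand-ins that keep only the contract the bug depends on: platform_get_irq_byname() returns a signed int that is a negative -errno on failure, and devm_request_threaded_irq() takes its IRQ argument as an unsigned int, so an unchecked negative value silently becomes a huge, meaningless IRQ number. The interrupt name "hdmi", the device struct, the FAKE_NR_IRQS bound and the sample devices are all assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed user-space stand-ins for the two kernel functions named in the
 * debrief. They are NOT the Linux implementations; they only reproduce the
 * contract that matters for this bug. */
#define ENXIO   6
#define EINVAL 22
#define FAKE_NR_IRQS 1024u   /* constructed bound standing in for the kernel's IRQ limit */

struct platform_device {
    const char *name;
    int irq_from_dt;         /* constructed: -1 models a missing device-tree IRQ entry */
};

typedef int (*irq_handler_t)(int irq, void *dev_id);

/* Stand-in for platform_get_irq_byname(): the IRQ number, or -ENXIO if absent.
 * The signed return type is the whole point: a negative value is an error code. */
static int platform_get_irq_byname(struct platform_device *pdev, const char *name)
{
    (void)name;
    return pdev->irq_from_dt < 0 ? -ENXIO : pdev->irq_from_dt;
}

/* Records the value the request function was actually handed, so the caller
 * can see what reaches it. 0 means "not called". */
static unsigned int last_irq_passed;

/* Stand-in for devm_request_threaded_irq(). The unsigned IRQ parameter mirrors
 * the real kernel signature; it is what turns -ENXIO into 4294967290. */
static int devm_request_threaded_irq(struct platform_device *pdev, unsigned int irq,
                                     irq_handler_t handler, irq_handler_t thread_fn,
                                     unsigned long irqflags, const char *devname,
                                     void *dev_id)
{
    (void)pdev; (void)handler; (void)thread_fn; (void)irqflags; (void)devname; (void)dev_id;
    last_irq_passed = irq;
    if (irq >= FAKE_NR_IRQS)
        return -EINVAL;      /* the real kernel's behaviour here is what the CVE calls undefined */
    return 0;
}

static int vc4_irq_handler(int irq, void *dev_id) { (void)irq; (void)dev_id; return 0; }

/* Vulnerable shape: the lookup result goes straight into the request call. */
static int probe_unchecked(struct platform_device *pdev)
{
    int irq = platform_get_irq_byname(pdev, "hdmi");   /* "hdmi" is an assumed name */
    return devm_request_threaded_irq(pdev, irq, vc4_irq_handler, NULL, 0, pdev->name, pdev);
}

/* Fixed shape: test the signed result first and propagate the error, so the
 * request call only ever sees a genuine IRQ number. */
static int probe_checked(struct platform_device *pdev)
{
    int irq = platform_get_irq_byname(pdev, "hdmi");
    if (irq < 0)
        return irq;
    return devm_request_threaded_irq(pdev, irq, vc4_irq_handler, NULL, 0, pdev->name, pdev);
}

int main(void)
{
    struct platform_device missing = { "vc4-demo", -1 };   /* constructed device, no IRQ */
    struct platform_device present = { "vc4-demo", 42 };   /* constructed device, IRQ 42 */
    int ret;

    ret = probe_unchecked(&missing);
    printf("unchecked probe, missing IRQ: ret=%d, irq passed=%u\n", ret, last_irq_passed);
    last_irq_passed = 0;
    ret = probe_checked(&missing);
    printf("checked probe,   missing IRQ: ret=%d, irq passed=%u\n", ret, last_irq_passed);
    ret = probe_checked(&present);
    printf("checked probe,   IRQ present: ret=%d, irq passed=%u\n", ret, last_irq_passed);
    return 0;
}
```

Running it shows the unchecked probe handing 4294967290 (the unsigned view of -ENXIO) to the request function on a device with no IRQ entry, while the checked probe returns -ENXIO from probe and never calls it; with a valid entry both paths pass 42. The check itself is one comparison, which is why the fix is small and easy to backport across the stable branches listed below.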

Defensive priority

medium

Recommended defensive actions

  • Apply the appropriate stable kernel patch for your branch (5.15.y, 6.6.y, 6.12.y, 6.18.y, 6.19.y, or 7.0.y) from the official Linux kernel stable repository.
  • Upgrade to a fixed kernel version: 6.6.136 or later, 6.12.83 or later, 6.18.24 or later, 6.19.14 or later, or 7.0.1 or later.
  • If running a custom or vendor kernel, verify with your Linux distribution or device vendor that the DRM VC4 driver fix has been backported.
  • Monitor system logs for VC4 driver probe failures or IRQ-related errors as indicators of potential trigger conditions.

Evidence notes

The vulnerability description states platform_get_irq_byname() returns an int that should be checked before passing to devm_request_threaded_irq(). Multiple stable kernel patches are referenced. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H yields score 5.5 (MEDIUM). CPE criteria indicate affected versions from 5.15 through 6.6.136, 6.7 through 6.12.83, 6.13 through 6.18.24, 6.19 through 6.19.14, and 7.0 through 7.0.1.

Official resources

2026-05-05