PatchSiren

CVE-2026-43246 Linux CVE debrief

CVE-2026-43246 is a Linux kernel memory-leak issue in the i2c/tw9906 media driver. In an error path in tw9906_probe(), memory allocated by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() was not freed. The fix adds a v4l2_ctrl_handler_free() call on that handler before returning from the failing path. NVD classifies the issue as medium severity and maps it to CWE-401 (Missing Release of Memory after Effective Lifetime).

Vendor: Linux
Product: CVE-2026-43246
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-06
Original CVE updated: 2026-05-11
Advisory published: 2026-05-06
Advisory updated: 2026-05-11

Who should care

Linux kernel maintainers, distribution security teams, and operators running kernels that include the tw9906 media driver should care, especially if they ship or backport media-subsystem updates. Environments that rely on long uptime or may repeatedly exercise device probe/error paths are the most relevant from a defensive standpoint.

Technical summary

According to the CVE description, tw9906_probe() had at least one failure path where objects created by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() were not released. That creates a kernel memory leak in the driver’s probe failure handling. NVD lists the issue under CVSS v3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local, low-complexity impact focused on availability. NVD’s affected-version criteria span multiple Linux kernel branches, including 3.10 through versions before 5.10.252, 5.11 through before 5.15.202, 5.16 through before 6.1.165, 6.2 through before 6.6.128, 6.7 through before 6.12.75, 6.13 through before 6.18.16, and 6.19 through before 6.19.6.
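The leak pattern described above, as an added userspace model (not the kernel driver's code and not taken from the patch). The pool allocator, the function names, and the choice of which step fails are assumptions made for illustration; only the roles of the three V4L2 calls come from the CVE description.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code: a fixed pool stands in for kernel allocations. */
static struct obj { int in_use; struct obj *next; } pool[8];
struct ctrl_handler { struct obj *buckets, *ctrls; int error; };

static struct obj *model_alloc(void) {
    for (int i = 0; i < 8; i++) if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void model_free(struct obj *o) { if (o) o->in_use = 0; }
static int live_objects(void) { int n = 0; for (int i = 0; i < 8; i++) n += pool[i].in_use; return n; }

/* Stand-in for v4l2_ctrl_handler_init(): the handler owns memory from here on. */
static int handler_init(struct ctrl_handler *h) {
    h->ctrls = NULL;
    h->buckets = model_alloc();
    return h->error = h->buckets ? 0 : -ENOMEM;
}
/* Stand-in for v4l2_ctrl_new_std(): one more allocation; failures latch in h->error. */
static void ctrl_new_std(struct ctrl_handler *h) {
    struct obj *c = h->error ? NULL : model_alloc();
    if (!c) { if (!h->error) h->error = -ENOMEM; return; }
    c->next = h->ctrls;
    h->ctrls = c;
}
/* Stand-in for v4l2_ctrl_handler_free(): releases the controls, then the handler. */
static void handler_free(struct ctrl_handler *h) {
    for (struct obj *c = h->ctrls; c; c = c->next) model_free(c);
    h->ctrls = NULL;
    model_free(h->buckets);
}

/* Hypothetical probe; returns how many objects are still allocated afterwards. */
static int leaked_after_probe(int device_ok, int fixed) {
    struct ctrl_handler h;
    memset(pool, 0, sizeof(pool));
    if (handler_init(&h)) return live_objects();
    ctrl_new_std(&h);
    ctrl_new_std(&h);
    if (!device_ok) {                 /* a later setup step fails (assumed) */
        if (fixed) handler_free(&h);  /* the call the fix adds */
        return live_objects();        /* pre-fix: bare return, objects stay allocated */
    }
    handler_free(&h);                 /* success: stands in for eventual teardown */
    return live_objects();
}

int main(void) { printf("pre-fix: %d, post-fix: %d\n", leaked_after_probe(0, 0), leaked_after_probe(0, 1)); return 0; }
```

Each failed probe in the pre-fix variant strands the handler plus every control registered on it, which is why repeated probe failures accumulate.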

Defensive priority

Medium. This is not presented as a code-execution or data-disclosure flaw; the primary concern is kernel resource exhaustion from leaked memory in an error path. It should still be patched promptly in affected kernels because repeated failures or churn in the affected probe path could accumulate impact over time.

Recommended defensive actions

  • Check whether your kernel includes the tw9906 probe-path fix from the referenced kernel patches.
  • Prioritize backporting or installing vendor kernels that include the fix for the affected stable branches listed by NVD.
  • If you build custom kernels, merge the upstream/stable patch that adds v4l2_ctrl_handler_free() in the error path.
  • Verify whether your deployments even include the tw9906 media driver; if they do not, track the issue for completeness but lower operational urgency.
  • Use routine kernel update processes to pick up the corrected stable releases for your branch.

Evidence notes

The CVE description explicitly states that the leak occurs in one error path in tw9906_probe() because memory allocated by v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() was not freed, and that the fix is to call v4l2_ctrl_handler_free() on that handler in the failing path. NVD marks the vuln status as Analyzed and provides patch references on kernel.org. The published timestamp is 2026-05-06T12:16:45.103Z and the modified timestamp is 2026-05-11T13:32:06.267Z.

Official resources

The CVE record was published on 2026-05-06T12:16:45.103Z and last modified on 2026-05-11T13:32:06.267Z. NVD lists the issue as analyzed and links kernel.org patch references.