PatchSiren cyber security CVE debrief

CVE-2026-43397 Linux CVE debrief

CVE-2026-43397 is a Linux kernel issue in the drm/bridge samsung-dsim driver where an attach failure path could leave the bridge registered and leak memory. The flaw was published on 2026-05-08 and later updated on 2026-05-21. NVD rates it CVSS 5.5 (medium) with a local, low-privilege attack vector and availability impact only.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distribution security teams, and operators of systems that include the samsung-dsim DRM bridge driver in affected kernel branches should prioritize this fix. It is especially relevant for environments that rely on vendor or downstream kernels carrying this driver.

Technical summary

The reported bug is in samsung_dsim_host_attach(). The driver calls drm_bridge_add(), but if samsung_dsim_register_te_irq() or pdata->host_ops->attach() fails afterward, the function returns without removing the bridge. That leaves cleanup incomplete and causes a memory leak (CWE-401). The fix adds goto-based error handling so drm_bridge_remove() is called on every failure path, and ensures samsung_dsim_unregister_te_irq() runs if attach() fails after the TE IRQ has been registered. The samsung_dsim_unregister_te_irq() helper was also moved above samsung_dsim_host_attach(), with no behavioral change, to avoid a forward declaration.
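The error-path pattern described above, as an added illustration that is not the kernel's code or the page's own: the DRM bridge and TE IRQ calls are replaced with constructed stand-ins that count live registrations, and the buggy and fixed attach shapes are run side by side with fault injection so the leak is measurable. All mock_* names and the leaked_after() helper are assumptions for this model.

```c
/* Constructed model of the samsung_dsim_host_attach() error paths (not the kernel code).
 * Stand-ins for drm_bridge_add()/drm_bridge_remove() and the TE IRQ helpers keep
 * counters so a leaked registration is observable. fail_* are fault-injection switches. */
static int bridges_live, te_irqs_live, fail_te, fail_attach;

static void mock_bridge_add(void)        { bridges_live++; }
static void mock_bridge_remove(void)     { bridges_live--; }
static void mock_unregister_te_irq(void) { te_irqs_live--; }
static int  mock_host_attach(void)       { return fail_attach ? -1 : 0; }
static int  mock_register_te_irq(void)   { if (fail_te) return -1; te_irqs_live++; return 0; }

/* Pre-fix shape: early returns skip drm_bridge_remove(), so the bridge stays registered. */
static int host_attach_buggy(void)
{
    int ret;
    mock_bridge_add();
    if ((ret = mock_register_te_irq()))
        return ret;                 /* bridge leaks (CWE-401) */
    if ((ret = mock_host_attach()))
        return ret;                 /* bridge and TE IRQ both leak */
    return 0;
}

/* Fixed shape: goto-based unwinding releases resources in reverse acquisition order. */
static int host_attach_fixed(void)
{
    int ret;
    mock_bridge_add();
    if ((ret = mock_register_te_irq()))
        goto err_remove_bridge;
    if ((ret = mock_host_attach()))
        goto err_unregister_te;
    return 0;
err_unregister_te:
    mock_unregister_te_irq();
err_remove_bridge:
    mock_bridge_remove();
    return ret;
}

/* Runs one variant with a chosen failure point and returns how many resources are still
 * held after a failed attach (0 is correct). On success the bridge legitimately stays
 * registered until detach, so that case reports 0 as well. */
int leaked_after(int (*attach)(void), int te_fails, int attach_fails)
{
    bridges_live = te_irqs_live = 0;
    fail_te = te_fails; fail_attach = attach_fails;
    if (attach() == 0)
        return 0;
    return bridges_live + te_irqs_live;
}
```

With the TE IRQ registration failing, the buggy shape leaves one registration behind; with attach() failing it leaves two, while the fixed shape leaves none in either case.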

Defensive priority

Medium. This is a kernel availability issue rather than a code-execution flaw, but it affects core driver cleanup and can accumulate leaked resources on repeated failures. Patch promptly if you run affected kernel versions or downstream builds that include the samsung-dsim driver.

Recommended defensive actions

  • Apply the upstream or vendor backport that fixes samsung_dsim_host_attach() cleanup handling.
  • Verify whether your kernel build includes the samsung-dsim DRM bridge driver and whether it is enabled in deployed images.
  • Upgrade off the affected release ranges listed by NVD: 6.4 up to (but not including) 6.6.130, 6.7 up to (but not including) 6.12.78, 6.13 up to (but not including) 6.18.19, 6.19 up to (but not including) 6.19.9, and 7.0-rc1.
  • Track downstream vendor advisories and kernel stable backports for your specific branch before rolling out.
  • If immediate patching is not possible, reduce exposure on systems that do not require the affected driver and monitor for repeated driver attach failures or abnormal memory growth.

Evidence notes

All substantive claims here come from the supplied CVE record and NVD metadata. The CVE description states the missing cleanup on error paths, the addition of goto-based cleanup, and the move of samsung_dsim_unregister_te_irq(). NVD marks the issue analyzed, assigns CWE-401, CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and lists vulnerable Linux kernel version ranges. Patch references are official git.kernel.org stable commits supplied in the record.

Official resources

CVE published on 2026-05-08 and last modified on 2026-05-21.