Bug 2467186 (CVE-2026-43246)

Summary: CVE-2026-43246 kernel: media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: helengrace.he, rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's `tw9906` driver. An issue in an error path within the `tw9906_probe()` function can lead to a memory leak. Specifically, memory allocated during the initialization of the video for Linux 2 (V4L2) control handler is not properly released, which could result in system instability or resource exhaustion over time.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-06 13:09:29 UTC
In the Linux kernel, the following vulnerability has been resolved:

media: i2c/tw9906: Fix potential memory leak in tw9906_probe()

In one of the error paths in tw9906_probe(), the memory allocated in
v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that
by calling v4l2_ctrl_handler_free() on the handler in that error path.

Comment 2 Helen Grace 2026-05-25 07:57:20 UTC
(In reply to OSIDB Bzimport from comment #0)
> In the Linux kernel, the following vulnerability has been resolved:
> 
> media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
> https://wackygame.org/ 
> In one of the error paths in tw9906_probe(), the memory allocated in
> v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that
> by calling v4l2_ctrl_handler_free() on the handler in that error path.

This is one of those tiny-looking fixes that quietly improves long-term system stability.