2467080 – (CVE-2026-43146) CVE-2026-43146 kernel: media: iris: Add buffer to list only after successful allocation

Bug 2467080 (CVE-2026-43146) - CVE-2026-43146 kernel: media: iris: Add buffer to list only after successful allocation

Summary: CVE-2026-43146 kernel: media: iris: Add buffer to list only after successful ...

Keywords:
Status:	NEW
Alias:	CVE-2026-43146
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:03 UTC by OSIDB Bzimport
Modified:	2026-05-06 18:42 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:03:11 UTC

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Add buffer to list only after successful allocation

Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating
internal buffers. Previously, the buffer was enqueued in `buffers->list`
before the DMA allocation. If the allocation failed, the function returned
`-ENOMEM` while leaving a partially initialized buffer in the list, which
could lead to inconsistent state and potential leaks.

By adding the buffer to the list only after `dma_alloc_attrs()` succeeds,
we ensure the list contains only valid, fully initialized buffers.

Comment 1 Keith Grant 2026-05-06 18:40:26 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050626-CVE-2026-43146-c0ee@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.