{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43142","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.989Z","datePublished":"2026-05-06T11:27:26.856Z","dateUpdated":"2026-05-11T22:18:34.249Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:18:34.249Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: gen1: Destroy internal buffers after FW releases\n\nAfter the firmware releases internal buffers, the driver was not\ndestroying them. This left stale allocations that were no longer used,\nespecially across resolution changes where new buffers are allocated per\nthe updated requirements. As a result, memory was wasted until session\nclose.\n\nDestroy internal buffers once the release response is received from the\nfirmware."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/iris/iris_hfi_gen1_command.c"],"versions":[{"version":"73702f45db81b74897b2808aaa13484826156006","lessThan":"7cde76db8883ec8a3d1456068079ecadbfb15ca5","status":"affected","versionType":"git"},{"version":"73702f45db81b74897b2808aaa13484826156006","lessThan":"d4457f23ac0130240053a34be663f0fade3bb371","status":"affected","versionType":"git"},{"version":"73702f45db81b74897b2808aaa13484826156006","lessThan":"1dabf00ee206eceb0f08a1fe5d1ce635f9064338","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/iris/iris_hfi_gen1_command.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7cde76db8883ec8a3d1456068079ecadbfb15ca5"},{"url":"https://git.kernel.org/stable/c/d4457f23ac0130240053a34be663f0fade3bb371"},{"url":"https://git.kernel.org/stable/c/1dabf00ee206eceb0f08a1fe5d1ce635f9064338"}],"title":"media: iris: gen1: Destroy internal buffers after FW releases","x_generator":{"engine":"bippy-1.2.0"}}}}