CVE-2026-43270 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()

In mtk_mdp_probe(), vpu_get_plat_device() increases the reference
count of the returned platform device. Add platform_device_put()
to prevent reference leak.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 403b7c757ac9f6b2ffb7d00ff4795a245f5e8911
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< dd530e29bd514d7187b3e2df8eb2107419c7988f
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< c44beed2e5caf2cbbe651432baa3a129f18b0169
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 4f2a51433a3a65d16975d1e32052d80656da077d
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< a62ba5aa9ee95fd953583e95e519badf0b76ecf3
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< 2d93758f42a57f3485534eab858b308e41653de4
`c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a`	affected	< f128bab57b8018e526b7eda854ca20069863af47

Linux

affected

Version	Status	Constraints
`4.10`	affected	—
`0`	unaffected	< 4.10
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2d93758f42a57f3485534eab858b308e41653de4
https://git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff4795a245f5e8911
https://git.kernel.org/stable/c/4f2a51433a3a65d16975d1e32052d80656da077d
https://git.kernel.org/stable/c/564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d
https://git.kernel.org/stable/c/a62ba5aa9ee95fd953583e95e519badf0b76ecf3
https://git.kernel.org/stable/c/c44beed2e5caf2cbbe651432baa3a129f18b0169
https://git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8eb2107419c7988f
https://git.kernel.org/stable/c/f128bab57b8018e526b7eda854ca20069863af47
https://lore.kernel.org/linux-cve-announce/2026050610-CVE-2026-43270-f9c8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43270
https://www.cve.org/CVERecord?id=CVE-2026-43270

History

Fri, 08 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-772

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026050610-CVE-2026-43270-f9c8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43270 https://www.cve.org/CVERecord?id=CVE-2026-43270

Wed, 06 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() In mtk_mdp_probe(), vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak.
Title		media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2d93758f42a57f3485534eab858b308e41653de4 https://git.kernel.org/stable/c/403b7c757ac9f6b2ffb7d00ff4795a245f5e8911 https://git.kernel.org/stable/c/4f2a51433a3a65d16975d1e32052d80656da077d https://git.kernel.org/stable/c/564fd3a63efc3ebbdb5d0a8fc7c0d3f753fbbd5d https://git.kernel.org/stable/c/a62ba5aa9ee95fd953583e95e519badf0b76ecf3 https://git.kernel.org/stable/c/c44beed2e5caf2cbbe651432baa3a129f18b0169 https://git.kernel.org/stable/c/dd530e29bd514d7187b3e2df8eb2107419c7988f https://git.kernel.org/stable/c/f128bab57b8018e526b7eda854ca20069863af47

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:54.866Z

Updated: 2026-05-11T22:21:18.648Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43270

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:48.190

Modified: 2026-05-08T20:00:20.540

Link: CVE-2026-43270

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43270 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:30:05Z

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object