CVE-2026-43058
Published: May 2, 2026· Updated: May 6, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix pass-by-value structs causing MSAN warnings
vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their
argument structs by value, causing MSAN to report uninit-value warnings.
While only vidtv_ts_null_write_into() has triggered a report so far,
both functions share the same issue.
Fix by passing both structs by const pointer instead, avoiding the
stack copy of the struct along with its MSAN shadow and origin metadata.
The functions do not modify the structs, which is enforced by the const
qualifier.
Technical Analysis
CVE-2026-43058 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
Affected Vendors & Products
Exploit & PoC Resources
All References (6)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-43058 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts