CVE-2026-43397
Published: May 8, 2026· Updated: May 12, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: samsung-dsim: Fix memory leak in error path
In samsung_dsim_host_attach(), drm_bridge_add() is called to add the
bridge. However, if samsung_dsim_register_te_irq() or
pdata->host_ops->attach() fails afterwards, the function returns
without removing the bridge, causing a memory leak.
Fix this by adding proper error handling with goto labels to ensure
drm_bridge_remove() is called in all error paths. Also ensure that
samsung_dsim_unregister_te_irq() is called if the attach operation
fails after the TE IRQ has been registered.
samsung_dsim_unregister_te_irq() function is moved without changes
to be before samsung_dsim_host_attach() to avoid forward declaration.
Technical Analysis
CVE-2026-43397 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
Affected Vendors & Products
Exploit & PoC Resources
All References (5)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-43397 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts