Linux Kernel DRM Atmel-HLCDC memory leak via atomic_destroy_state
CVE-2026-43269 Published on May 6, 2026
drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
In the Linux kernel, the following vulnerability has been resolved:
drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
After several commits, the slab memory increases. Some drm_crtc_commit
objects are not freed. The atomic_destroy_state callback only put the
framebuffer. Use the __drm_atomic_helper_plane_destroy_state() function
to put all the objects that are no longer needed.
It has been seen after hours of usage of a graphics application or using
kmemleak:
unreferenced object 0xc63a6580 (size 64):
comm "egt_basic", pid 171, jiffies 4294940784
hex dump (first 32 bytes):
40 50 34 c5 01 00 00 00 ff ff ff ff 8c 65 3a c6 @P4..........e:.
8c 65 3a c6 ff ff ff ff 98 65 3a c6 98 65 3a c6 .e:......e:..e:.
backtrace (crc c25aa925):
kmemleak_alloc+0x34/0x3c
__kmalloc_cache_noprof+0x150/0x1a4
drm_atomic_helper_setup_commit+0x1e8/0x7bc
drm_atomic_helper_commit+0x3c/0x15c
drm_atomic_commit+0xc0/0xf4
drm_atomic_helper_set_config+0x84/0xb8
drm_mode_setcrtc+0x32c/0x810
drm_ioctl+0x20c/0x488
sys_ioctl+0x14c/0xc20
ret_fast_syscall+0x0/0x54
Products Associated with CVE-2026-43269
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 6d4e91ab97fda64e8cf9c8881cc3b4da026bd849 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 5718d98976ad6b9700e5a6afec67fc47a8a92580 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 57fa3487acfa3467405f8506b94682abd96e7393 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below ec40702029b08ee8d5f5b03303d64a10e74a957b is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 25e832a7830740e72103eb0b527680a4b64bbcb3 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 082271e364a3205598c2e4e6233a9f49ce7941cf is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 3e64e78f4a70e3f6ac8fe5a7071f08ffd25a2489 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below f12352471061df83a36edf54bbb16284793284e4 is affected.
- Version 5.10.252, <= 5.10.* is unaffected.
- Version 5.15.202, <= 5.15.* is unaffected.
- Version 6.1.165, <= 6.1.* is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.