media: vidtv: fix pass-by-value structs causing MSAN warnings

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-43058
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-02 07:16:20 UTC
Updated2026-06-01 17:17:01 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtv_ts_null_write_into() has triggered a report so far, both functions share the same issue. Fix by passing both structs by const pointer instead, avoiding the stack copy of the struct along with its MSAN shadow and origin metadata. The functions do not modify the structs, which is enforced by the const qualifier.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000130000 probability, percentile 0.023700000 (date 2026-05-28)

Problem Types: CWE-476

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 a876d72ceba7fe5444005239f363c105767e0ecf git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 a73f84a30975e6c4ae06efd500d31c82564dba10 git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 c034d8094fee474eb94142c17643eee2919079b7 git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 e3957eb26a3d570aefc6bb184fa8b8a1e9a4e508 git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 be57e52e27c7cbfb400a8f255e475cbcff242baa git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 6d75a9ec5bdb8cf8382eaf8f8fe831ba7d58a9d4 git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 57b01d945ed68cebe486d495dadc4901a96d3aaa git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 1b2820c8a9887981634020db19f1a2425558b88e git Not specified
CNA Linux Linux affected f90cf6079bf67988f8b1ad1ade70fc89d0080905 5f8e73bde67e931468bc2a1860d78d72f0c6ba41 git Not specified
CNA Linux Linux affected 5.10 Not specified
CNA Linux Linux unaffected 5.10 semver Not specified
CNA Linux Linux unaffected 5.10.258 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.209 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.136 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.83 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.24 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.14 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0.1 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1-rc1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/57b01d945ed68cebe486d495dadc4901a96d3aaa 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/5f8e73bde67e931468bc2a1860d78d72f0c6ba41 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/1b2820c8a9887981634020db19f1a2425558b88e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/be57e52e27c7cbfb400a8f255e475cbcff242baa 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/6d75a9ec5bdb8cf8382eaf8f8fe831ba7d58a9d4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/e3957eb26a3d570aefc6bb184fa8b8a1e9a4e508 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/c034d8094fee474eb94142c17643eee2919079b7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/a73f84a30975e6c4ae06efd500d31c82564dba10 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/a876d72ceba7fe5444005239f363c105767e0ecf 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report