CVE-2026-43242 Overview
CVE-2026-43242 is a memory leak vulnerability in the Linux kernel's Texas Instruments K3 SoC information driver (soc/ti/k3-socinfo). The driver allocates an mmio regmap during probe but never releases it. The leak occurs on probe failures such as probe deferral and on driver unbind. The fix transitions allocation to the device-managed allocator so the regmap is freed automatically when the device is removed or probing fails.
Critical Impact
Repeated probe deferrals or driver bind/unbind cycles cause kernel memory exhaustion on systems using TI K3-class SoCs, degrading platform stability over time.
Affected Products
- Linux kernel builds containing the drivers/soc/ti/k3-socinfo.c driver
- Texas Instruments K3 architecture platforms relying on the SoC info driver
- Distribution kernels backporting the affected commit prior to the fix
Discovery Timeline
- 2026-05-06 - CVE-2026-43242 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43242
Vulnerability Analysis
The vulnerability resides in the probe path of the k3-socinfo driver, which exposes Texas Instruments K3 SoC identification data through sysfs. During probe, the driver allocates an mmio regmap to access SoC identification registers. The allocation is performed using a non-managed API, meaning the kernel does not automatically reclaim the memory when the driver releases the device.
When probe fails — for example through -EPROBE_DEFER returns triggered by missing dependencies — the driver exits without freeing the regmap. The same leak occurs when the driver is explicitly unbound from sysfs or removed. Each failed probe attempt or unbind cycle leaves an orphaned regmap allocation in kernel memory.
Root Cause
The root cause is improper resource lifecycle management in the probe routine. The driver uses regmap_init_mmio() rather than the device-managed devm_regmap_init_mmio() variant. Without the devm_ prefix, the kernel does not associate the allocation with the device's resource list, so cleanup is never triggered automatically.
Attack Vector
Exploitation requires local access on an affected platform. An attacker with sufficient privilege to trigger driver bind/unbind operations through sysfs paths such as /sys/bus/platform/drivers/k3-socinfo/bind can repeatedly cycle the driver to amplify the leak. Probe deferral conditions encountered during normal boot also trigger the leak without attacker action. The impact is limited to kernel memory exhaustion and resource starvation rather than code execution.
The vulnerability mechanism is described in the upstream kernel changelog. See the kernel commit fixing the regmap leak for the patch contents.
Detection Methods for CVE-2026-43242
Indicators of Compromise
- Steadily growing kmalloc slab usage on TI K3 platforms reported by /proc/slabinfo or slabtop.
- Repeated probe deferral messages for k3-socinfo in dmesg correlated with kernel memory pressure.
- Kernel out-of-memory events on long-running embedded devices using TI K3 SoCs.
Detection Strategies
- Audit running kernel versions against the fixed commits referenced in the kernel.org stable tree.
- Use kmemleak instrumentation to confirm regmap allocations leaked from k3_socinfo_probe().
- Monitor driver bind/unbind activity through audit rules on /sys/bus/platform/drivers/k3-socinfo/.
Monitoring Recommendations
- Track kernel slab growth trends on fleet endpoints to surface anomalies before exhaustion.
- Alert on unexpected use of bind/unbindsysfs interfaces by non-root or non-system identities.
- Correlate kernel log entries containing k3-socinfo probe events with memory utilization counters.
How to Mitigate CVE-2026-43242
Immediate Actions Required
- Apply the upstream Linux kernel patch that switches k3-socinfo to devm_regmap_init_mmio().
- Update to a stable kernel release containing the referenced fix commits on TI K3 platforms.
- Restrict access to platform driver bind/unbindsysfs entries to privileged administrators only.
Patch Information
The fix replaces the unmanaged regmap allocation with the device-managed devm_regmap_init_mmio() API, ensuring the regmap is released automatically on probe failure or driver unbind. Patches are available across multiple stable branches via the Linux kernel stable tree. Distribution maintainers have backported the change; users should update to vendor kernels incorporating the listed commits.
Workarounds
- Avoid manual driver unbind operations on k3-socinfo until patched kernels are deployed.
- Resolve dependency ordering issues that trigger repeated probe deferrals during boot.
- Monitor and reboot affected systems before kernel memory exhaustion impacts workloads.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
