{
  "public_date" : "2026-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iio: light: bh1780: fix PM runtime leak on error path",
    "id" : "2468238",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468238"
  },
  "cwe" : "CWE-911",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niio: light: bh1780: fix PM runtime leak on error path\nMove pm_runtime_put_autosuspend() before the error check to ensure\nthe PM runtime reference count is always decremented after\npm_runtime_get_sync(), regardless of whether the read operation\nsucceeds or fails.", "A flaw was found in the Linux kernel's bh1780 light sensor driver. This vulnerability occurs due to a Power Management (PM) runtime leak, where the system's reference count for power management is not always properly decremented. An attacker could exploit this by repeatedly triggering the error path, leading to resource exhaustion. This can result in a Denial of Service (DoS), making the system unresponsive or unstable." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43355\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43355\nhttps://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43355-db72@gregkh/T" ],
  "name" : "CVE-2026-43355",
  "csaw" : false
}