Skip to main content

Linux Kernel CVE-2026-43151

| EUVDEUVD-2026-27714 MEDIUM
2026-05-06 Linux GHSA-h7j6-jxcq-9qj7
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:59 vuln.today
CVSS changed
May 13, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

Revert "media: iris: Add sanity check for stop streaming"

This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.

Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused multiple regressions:

  1. Buffers were not returned to vb2 when the instance was already in

error state, triggering warnings in the vb2 core because buffer completion was skipped.

  1. If a session failed early (e.g. unsupported configuration), the

instance transitioned to IRIS_INST_ERROR. When userspace attempted to stop streaming for cleanup, stop_streaming was skipped due to the added check, preventing proper teardown and leaving the firmware in an inconsistent state.

AnalysisAI

Local denial-of-service in the Linux kernel's iris media driver (Qualcomm video codec) results from a regression introduced by commit ad699fa78b59241c9d71a8cafb51525f3dab04d4, now reverted. When a media session enters IRIS_INST_ERROR state and userspace subsequently calls stop_streaming for cleanup, the erroneous check skipped the handler entirely - preventing videobuf2 (vb2) buffer returns and leaving firmware in an inconsistent, non-recoverable state. Affected are systems running the iris V4L2 driver on Qualcomm hardware; no public exploit identified at time of analysis and EPSS is 0.02% (percentile 4%), indicating minimal real-world exploitation activity.

Technical ContextAI

The iris driver is a V4L2 (Video4Linux2) kernel media driver for Qualcomm's Iris hardware video codec IP, used for accelerated encode/decode on Qualcomm SoCs. It integrates with the videobuf2 (vb2) framework, which manages kernel-space video buffer lifecycles. The regression was introduced in stop_streaming, the V4L2 callback responsible for draining and returning all queued buffers to vb2 before a streaming session terminates. The faulty check caused stop_streaming to bail early when the driver instance state was IRIS_INST_ERROR, violating vb2's contract that all buffers must be returned upon stream stop. This produced vb2 core warnings (WARN_ON) and left the firmware state machine in an undefined state. CPE data identifies the affected product as cpe:2.3:a:linux:linux. No CWE has been formally assigned, but the root cause class is improper state machine handling during error recovery - similar to CWE-755 (Improper Handling of Exceptional Conditions).

RemediationAI

Upgrade to a patched Linux kernel release: 7.0, 6.19.6, or 6.18.16, all of which contain the revert of the problematic commit. Fix commits are available on the kernel stable tree at https://git.kernel.org/stable/c/bd4f8fa216182f33c06d4c1e162975a0c42fb14e, https://git.kernel.org/stable/c/a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398, and https://git.kernel.org/stable/c/370e19042fb8ac68109f8bdb0fdd8118baf39318. For systems where a kernel upgrade is not immediately possible, a compensating control is to restrict access to iris V4L2 device nodes (e.g., /dev/video*) to trusted users only via udev rules or group permissions, which prevents unprivileged local users from triggering the error path. Note that this workaround does not eliminate the risk if a privileged multimedia process is compromised. Red Hat and SUSE advisories should be monitored for distribution-specific package updates.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43151 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy