Skip to main content

Linux Kernel CVE-2026-43310

| EUVDEUVD-2026-28580 MEDIUM
2026-05-08 Linux GHSA-6g88-27p6-cw4p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 20:15 vuln.today
CVSS changed
May 15, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produce corrupted pictures, even potentially lead to system hang.

[ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out. [ 110.583517] hantro-vpu 38310000.video-codec: bus error detected.

Therefore, it is necessary to ensure that g1 and g2 operate alternately. This allows for successful multi-instance decoding of H.264 and HEVC.

To achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the v4l2_m2m_dev can handle the scheduling.

AnalysisAI

Hardware-level denial of service in Linux kernel verisilicon media driver on i.MX8MQ platform allows local authenticated users to trigger VPU bus errors and system hangs through simultaneous H.264/HEVC decoding. Affects kernel versions 5.14 through pre-6.19.6 and pre-7.0. Patches available via stable kernel commits 286d629d1064 and e0203ddf9af7. EPSS score of 0.02% indicates minimal observed exploitation, and CVSS 5.5 reflects local scope with low complexity. No public exploit code identified, and not listed in CISA KEV.

Technical ContextAI

The vulnerability resides in the hantro-vpu driver (verisilicon module) for NXP i.MX8MQ SoC, which contains dual video processing units (G1 and G2 VPUs). Due to silicon-level hardware constraints specific to i.MX8MQ, concurrent operation of G1 (typically MPEG/VP8) and G2 (H.264/HEVC) decoders causes bus contention at the hardware interconnect layer. Without proper software-level mutual exclusion, simultaneous decode requests trigger memory bus errors detected by the VPU subsystem, manifesting as decode timeouts and corrupted output buffers. The fix implements resource arbitration by consolidating both VPUs under a shared v4l2_m2m_dev (Video4Linux2 memory-to-memory device) framework, which provides built-in scheduling and serialization of decode operations across multiple decoder instances. This ensures alternating access to hardware resources while maintaining multi-instance decode capability.

RemediationAI

Apply vendor-released patches from stable kernel branches: upgrade to Linux kernel 6.19.6 or later for the 6.x series, or 7.0 stable release for the 7.x series. Patches available via git.kernel.org commits 286d629d10640bc22f3bf46aa4f356eb7975e862 (https://git.kernel.org/stable/c/286d629d10640bc22f3bf46aa4f356eb7975e862) and e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765 (https://git.kernel.org/stable/c/e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765). If immediate patching is not feasible, implement compensating controls: restrict unprivileged access to /dev/video* device nodes via udev rules to limit exploitation surface to trusted processes only, or disable concurrent video decode workloads through application-layer scheduling to serialize H.264/HEVC operations. Note that device node restrictions may break legitimate multimedia applications requiring video decode capabilities, and serialization reduces decode throughput by 50% in multi-instance scenarios. Long-term mitigation requires kernel update as hardware limitation cannot be fully resolved at userspace layer.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43310 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy