Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
media: chips-media: wave5: Fix SError of kernel panic when closed
SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened.
[ 48.834439] SError Interrupt on CPU0, code 0x00000000bf000000 -- SError [ 48.834455] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7 [ 48.834461] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025 [ 48.834464] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 48.834468] pc : wave5_dec_clr_disp_flag+0x40/0x80 [wave5] [ 48.834488] lr : wave5_dec_clr_disp_flag+0x40/0x80 [wave5] [ 48.834495] sp : ffff8000856e3a30 [ 48.834497] x29: ffff8000856e3a30 x28: ffff0008093f6010 x27: ffff000809158130 [ 48.834504] x26: 0000000000000000 x25: ffff00080b625000 x24: ffff000804a9ba80 [ 48.834509] x23: ffff000802343028 x22: ffff000809158150 x21: ffff000802218000 [ 48.834513] x20: ffff0008093f6000 x19: ffff0008093f6000 x18: 0000000000000000 [ 48.834518] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff74009618 [ 48.834523] x14: 000000010000000c x13: 0000000000000000 x12: 0000000000000000 [ 48.834527] x11: ffffffffffffffff x10: ffffffffffffffff x9 : ffff000802343028 [ 48.834532] x8 : ffff00080b6252a0 x7 : 0000000000000038 x6 : 0000000000000000 [ 48.834536] x5 : ffff00080b625060 x4 : 0000000000000000 x3 : 0000000000000000 [ 48.834541] x2 : 0000000000000000 x1 : ffff800084bf0118 x0 : ffff800084bf0000 [ 48.834547] Kernel panic - not syncing: Asynchronous SError Interrupt [ 48.834549] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7 [ 48.834554] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025 [ 48.834556] Call trace: [ 48.834559] dump_backtrace+0x94/0xec [ 48.834574] show_stack+0x18/0x24 [ 48.834579] dump_stack_lvl+0x38/0x90 [ 48.834585] dump_stack+0x18/0x24 [ 48.834588] panic+0x35c/0x3e0 [ 48.834592] nmi_panic+0x40/0x8c [ 48.834595] arm64_serror_panic+0x64/0x70 [ 48.834598] do_serror+0x3c/0x78 [ 48.834601] el1h_64_error_handler+0x34/0x4c [ 48.834605] el1h_64_error+0x64/0x68 [ 48.834608] wave5_dec_clr_disp_flag+0x40/0x80 [wave5] [ 48.834615] wave5_vpu_dec_clr_disp_flag+0x54/0x80 [wave5] [ 48.834622] wave5_vpu_dec_buf_queue+0x19c/0x1a0 [wave5] [ 48.834628] __enqueue_in_driver+0x3c/0x74 [videobuf2_common] [ 48.834639] vb2_core_qbuf+0x508/0x61c [videobuf2_common] [ 48.834646] vb2_qbuf+0xa4/0x168 [videobuf2_v4l2] [ 48.834656] v4l2_m2m_qbuf+0x80/0x238 [v4l2_mem2mem] [ 48.834666] v4l2_m2m_ioctl_qbuf+0x18/0x24 [v4l2_mem2mem] [ 48.834673] v4l_qbuf+0x48/0x5c [videodev] [ 48.834704] __video_do_ioctl+0x180/0x3f0 [videodev] [ 48.834725] video_usercopy+0x2ec/0x68c [videodev] [ 48.834745] video_ioctl2+0x18/0x24 [videodev] [ 48.834766] v4l2_ioctl+0x40/0x60 [videodev] [ 48.834786] __arm64_sys_ioctl+0xa8/0xec [ 48.834793] invoke_syscall+0x44/0x100 [ 48.834800] el0_svc_common.constprop.0+0xc0/0xe0 [ 48.834804] do_el0_svc+0x1c/0x28 [ 48.834809] el0_svc+0x30/0xd0 [ 48.834813] el0t_64_sync_handler+0xc0/0xc4 [ 48.834816] el0t_64_sync+0x190/0x194 [ 48.834820] SMP: stopping secondary CPUs [ 48.834831] Kernel Offset: disabled [ 48.834833] CPU features: 0x08,00002002,80200000,4200421b [ 48.834837] Memory Limit: none [ 49.161404] ---[ end Kernel panic - not syncing: Asynchronous SError Interrupt ]---
AnalysisAI
Kernel panic via SError interrupt in Linux kernel media driver (chips-media wave5) when device enters autosuspend during video decoding operations. Local authenticated attackers can trigger a denial of service by queuing buffers to the wave5 video decoder while autosuspend timeout occurs, causing the CPU to access suspended hardware and generate an unrecoverable asynchronous SError, crashing the system. No privilege escalation or code execution; impact limited to availability.
Technical ContextAI
The vulnerability exists in the wave5 video decoder driver (chips-media WAVE521 codec), a V4L2 media framework component for hardware-accelerated video decoding. The root cause is a race condition between the autosuspend PM (power management) subsystem and the wave5_dec_clr_disp_flag() function, which accesses hardware registers. When autosuspend timeout expires and the device enters sleep state, subsequent calls to wave5_dec_clr_disp_flag() attempt to access registers on suspended hardware, triggering an ARM64 SError (System Error) - an asynchronous exception that cannot be caught or handled, causing immediate kernel panic. This affects systems running the wave5 decoder (primarily Texas Instruments J721S2 SoCs and similar platforms with this codec) when PM autosuspend is enabled.
RemediationAI
Vendor-released patch: upgrade to Linux 6.13 or stable series 6.18.16, 6.19.6, or 7.0+. If immediate upgrade not feasible, apply upstream commit 27cb12b7dc88c51582094eeb2b65b0e94603e411 to your kernel tree. The fix adds PM reference counting to wave5_vpu_dec_buf_queue() to prevent hardware access during suspend. Alternatively, disable autosuspend for the wave5 device via sysctl or power management configuration (echo -1 > /sys/devices/.../power/autosuspend_delay_ms), trading power efficiency for stability. For production video decoding systems, upgrading is strongly preferred over disabling autosuspend, as the latter increases power consumption and thermal load on embedded platforms. Verify fix by ensuring wave5_dec_clr_disp_flag() is protected by pm_runtime_get_sync()/pm_runtime_put() calls.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP7 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP7 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Legacy 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Legacy 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| SUSE Real Time Module 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Live Patching 12 SP5 | Fixed |
| SUSE Linux Enterprise Live Patching 12 SP5 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP4 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP4 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP5 | Fixed |
| SUSE Linux Enterprise Live Patching 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | Fixed |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | Fixed |
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 11 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Micro 5.0 | Fixed |
| SUSE Linux Enterprise Micro 5.1 | Fixed |
| SUSE Linux Enterprise Micro 5.2 | Fixed |
| SUSE Linux Enterprise Micro 5.2 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 11 SP4 | Fixed |
| SUSE Linux Enterprise Server 11 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| SUSE OpenStack Cloud 9 | Fixed |
| SUSE OpenStack Cloud Crowbar 9 | Fixed |
| SUSE Real Time Module 15 SP4 | Fixed |
| SUSE Real Time Module 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27810
GHSA-f5wm-6c22-vm3q