CVE-2026-43229

Source
https://cve.org/CVERecord?id=CVE-2026-43229
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43229.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43229
Downstream
Published
2026-05-06T11:28:26.951Z
Modified
2026-07-08T08:09:35.469216736Z
Summary
media: chips-media: wave5: Fix device cleanup order to prevent kernel panic
Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread and disabling PM runtime. This prevents hardware register access after the device has been powered down.

In polling mode, the hrtimer periodically triggers wave5vputimercallback() which queues work to the kthread worker. The worker executes wave5vpuirqworkfn() which reads hardware registers via wave5vdireadregister().

The original cleanup order disabled PM runtime and powered down hardware before unregistering video devices. When autosuspend triggers and powers off the hardware, the video devices are still registered and the worker thread can still be triggered by the hrtimer, causing it to attempt reading registers from powered-off hardware. This results in a bus error (synchronous external abort) and kernel panic.

This causes random kernel panics during encoding operations:

Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP Modules linked in: wave5 rpmsgctrl rpmsgchar ... CPU: 0 UID: 0 PID: 1520 Comm: vpuirqthread Tainted: G M W pc : wave5vdireadregister+0x10/0x38 [wave5] lr : wave5vpuirqworkfn+0x28/0x60 [wave5] Call trace: wave5vdireadregister+0x10/0x38 [wave5] kthreadworkerfn+0xd8/0x238 kthread+0x104/0x120 retfromfork+0x10/0x20 Code: aa1e03e9 d503201f f9416800 8b214000 (b9400000) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: synchronous external abort: Fatal exception

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43229.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9707a6254a8a6b978bde811a44fe07d86c229d1c
Fixed
b73d85231d5b1400a4fa5046cdac6c4d7cc6d969
Fixed
526816f2e331954d80fed8b37fa94efbbdde2b8d
Fixed
dc2b7deae740a3ed138fb7ae17c97fa4055cfc5f
Fixed
b74cedac643b02aefa7da881b58a3792859d9748

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43229.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43229.json"