CVE-2026-43293

Source
https://cve.org/CVERecord?id=CVE-2026-43293
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43293.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43293
Downstream
Published
2026-05-08T13:11:16.812Z
Modified
2026-07-08T08:13:28.149610702Z
Summary
media: chips-media: wave5: Fix kthread worker destruction in polling mode
Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix kthread worker destruction in polling mode

Fix the cleanup order in polling mode (irq < 0) to prevent kernel warnings during module removal. Cancel the hrtimer before destroying the kthread worker to ensure work queues are empty.

In polling mode, the driver uses hrtimer to periodically trigger wave5vputimercallback() which queues work via kthreadqueuework(). The kthreaddestroyworker() function validates that both work queues are empty with WARNON(!listempty(&worker->worklist)) and WARNON(!listempty(&worker->delayedworklist)).

The original code called kthreaddestroyworker() before hrtimercancel(), creating a race condition where the timer could fire during worker destruction and queue new work, triggering the WARNON.

This causes the following warning on every module unload in polling mode:

------------[ cut here ]------------ WARNING: CPU: 2 PID: 1034 at kernel/kthread.c:1430 kthreaddestroyworker+0x84/0x98 Modules linked in: wave5(-) rpmsgctrl rpmsgchar ... Call trace: kthreaddestroyworker+0x84/0x98 wave5vpuremove+0xc8/0xe0 [wave5] platform_remove+0x30/0x58 ... ---[ end trace 0000000000000000 ]---

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43293.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ed7276ed2fd02208bfca9f222ef1e7b2743d710d
Fixed
156020e889edf4593870d926d3c4a6d06baac44a
Fixed
cc8071b1bac6568ea09d54be2d4f74dba80e17f8
Fixed
0c2e752688a0ee3b89993e6de6c496d863870c93
Fixed
5a0c122e834b2f7f029526422c71be922960bf03

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43293.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43293.json"