CVE-2026-43301

Source
https://cve.org/CVERecord?id=CVE-2026-43301
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43301.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43301
Downstream
Published
2026-05-08T13:11:22.234Z
Modified
2026-07-08T08:13:29.414497585Z
Summary
media: chips-media: wave5: Fix PM runtime usage count underflow
Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix PM runtime usage count underflow

Replace pmruntimeputsync() with pmruntimedontuseautosuspend() in the remove path to properly pair with pmruntimeuseautosuspend() from probe. This allows pmruntimedisable() to handle reference count cleanup correctly regardless of current suspend state.

The driver calls pmruntimeputsync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pmruntimeputsync() decrements it to -1.

This causes the following warning on module unload:

------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthreaddestroyworker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43301.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9707a6254a8a6b978bde811a44fe07d86c229d1c
Fixed
3a278a55ead50db2444c8f01410c7f5a68723990
Fixed
0bffda02317989f8d5cdc2d4462a4110b1290cf0
Fixed
9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43301.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43301.json"