VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 13, 2026

CVE-2026-43151

CVE-2026-43151

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "media: iris: Add sanity check for stop streaming"

This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.

Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused multiple regressions:

1. Buffers were not returned to vb2 when the instance was already in error state, triggering warnings in the vb2 core because buffer completion was skipped.

2. If a session failed early (e.g. unsupported configuration), the instance transitioned to IRIS_INST_ERROR. When userspace attempted to stop streaming for cleanup, stop_streaming was skipped due to the added check, preventing proper teardown and leaving the firmware in an inconsistent state.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel reverts a check in iris media driver that caused regressions by skipping cleanup on error state.

Root

Cause

A prior commit (ad699fa78b59) added a sanity check in the iris media driver that skipped stop_streaming when the instance was in IRIS_INST_ERROR state. This check was found to introduce regressions, including failure to return buffers to the vb2 framework and improper session teardown, leaving the firmware in an inconsistent state [1].

Exploitation

An attacker or user can trigger the error state by, for example, attempting an unsupported configuration during streaming setup. When userspace then attempts to stop streaming for cleanup, the problematic check prevents the stop_streaming callback from executing, causing the driver to skip buffer completion and leaving the firmware session active.

Impact

The primary impact is a denial of service: warnings in the vb2 core due to unfinished buffers and potential system instability from an inconsistent firmware state. No privilege escalation or data leak is reported.

Mitigation

The fix is the revert of the faulty commit, applied in Linux kernel stable branches as commit bd4f8fa21618 [1]. Users should update to a kernel containing this revert.

References
  1. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.18.3,<6.18.16

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.