CVE-2026-43235

Vulnerability

Details

The Linux kernel's iris media driver for Qualcomm SM8750 platforms is missing two critical platform-data fields: get_vpu_buffer_size and max_core_mbps. The get_vpu_buffer_size field, which should use iris_vpu33_buf_size, is absent, causing the driver to fail when allocating required internal buffers for video sessions. Additionally, the max_core_mbps field, computed as ((7680 * 4320) / 256) * 60, is not set, leading to incomplete capability checks for encoder operations [1][2][3].

Exploitation

This bug is triggered during normal video decode/encode session bring-up on SM8750-based devices. An attacker or user who initiates video operations (e.g., playing a video or using a camera application) may encounter a failure when the kernel attempts to allocate VPU buffers or validate encoder capabilities. The issue does not require special privileges or networking access; it manifests when the corresponding kernel code path is exercised. No authentication is needed beyond what is required to trigger video hardware operations.

Impact

Without the missing entries, the driver fails to allocate the VPU internal buffers, resulting in basic decode/encode failures. Furthermore, the absent max_core_mbps field causes V4L2 compliance checks for encoders to be incomplete, which may lead to incorrect capability exposure and potential misconfiguration of video pipelines. Overall, this vulnerability degrades the reliability and functionality of video processing on SM8750 platforms.

Mitigation

The fix involves adding the two missing platform-data entries to the SM8750 data structure. Patches have been applied to the stable kernel branches as referenced in the kernel.org commits [1][2][3]. System administrators should apply the latest kernel updates from their distribution to ensure the iris driver is fully functional on SM8750 hardware.