Description
In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: Fix kernel panic due to __initconst misuse

Fix a kernel panic when probing the driver as a module:

Unable to handle kernel paging request at virtual address
ffffd9c18eb05000
of_find_matching_node_and_match+0x5c/0x1a0
hantro_probe+0x2f4/0x7d0 [hantro_vpu]

The imx8mq_vpu_shared_resources array is referenced by variant
structures through their shared_devices field. When built as a
module, __initconst causes this data to be freed after module
init, but it's later accessed during probe, causing a page fault.

The imx8mq_vpu_shared_resources is referenced from non-init code,
so keeping __initconst or __initconst_or_module here is wrong.

Drop the __initconst annotation and let it live in the normal .rodata
section.

A bug of __initconst called from regular non-init probe code
leading to bugs during probe deferrals or during unbind-bind cycles.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Panic (Denial of Service)
Action: Patch
AI Analysis

Impact

The vulnerability arises from improper use of the __initconst attribute in the Verisilicon media driver within the Linux kernel, leading to a kernel paging request error when the driver is probed as a module. This causes a kernel panic, effectively crashing the system and denying service. The flaw is an example of CWE‑825, improper handling of data with incorrect lifetime annotations.

Affected Systems

Affected only the Linux kernel media subsystem for Verisilicon devices. No specific kernel version range is listed, but any configuration that loads the hantro_vpu module remains vulnerable until the upstream fix is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while an EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not in the CISA KEV list. Attack feasibility requires the ability to load or reload the affected module, which typically requires administrative privileges or a local physical user with the ability to insert kernel modules. In such environments, an attacker could crash the system by triggering the probe sequence.

Generated by OpenCVE AI on April 28, 2026 at 14:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that removes the __initconst annotation from the Verisilicon media driver.
  • If a kernel update cannot be performed immediately, disable or uninstall the hantro_vpu module to prevent accidental loading.
  • Audit other kernel modules for misuse of __initconst or similar initialization attributes to avoid repeat issues.

Generated by OpenCVE AI on April 28, 2026 at 14:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_match+0x5c/0x1a0 hantro_probe+0x2f4/0x7d0 [hantro_vpu] The imx8mq_vpu_shared_resources array is referenced by variant structures through their shared_devices field. When built as a module, __initconst causes this data to be freed after module init, but it's later accessed during probe, causing a page fault. The imx8mq_vpu_shared_resources is referenced from non-init code, so keeping __initconst or __initconst_or_module here is wrong. Drop the __initconst annotation and let it live in the normal .rodata section. A bug of __initconst called from regular non-init probe code leading to bugs during probe deferrals or during unbind-bind cycles.
Title media: verisilicon: Fix kernel panic due to __initconst misuse
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:11:24.118Z

Reserved: 2026-03-09T15:48:24.119Z

Link: CVE-2026-31573

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:31.857

Modified: 2026-04-27T20:29:52.667

Link: CVE-2026-31573

cve-icon Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31573 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:15:34Z

Weaknesses