Description
In the Linux kernel, the following vulnerability has been resolved:

Revert "media: iris: Add sanity check for stop streaming"

This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.

Revert the check that skipped stop_streaming when the instance was in
IRIS_INST_ERROR, as it caused multiple regressions:

1. Buffers were not returned to vb2 when the instance was already in
error state, triggering warnings in the vb2 core because buffer
completion was skipped.

2. If a session failed early (e.g. unsupported configuration), the
instance transitioned to IRIS_INST_ERROR. When userspace attempted
to stop streaming for cleanup, stop_streaming was skipped due to the
added check, preventing proper teardown and leaving the firmware
in an inconsistent state.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel's iris media driver includes a safety check that prohibits the stop_streaming routine from running when the device is in an error state. Because this check skips buffer release and firmware cleanup during early failures, allocated buffers are not returned to the video buffer (vb2) subsystem and the camera firmware remains in an inconsistent state. Consequently system logs contain warnings, and repeated or severe errors can exhaust kernel memory or leave the hardware unrecoverable, effectively causing a denial of service to applications that rely on this driver or to the device as a whole.
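
The regression described above, reduced to a user-space C model. This is an added example, not code from the iris driver, the vb2 core, or this page. The struct, function names and buffer count are hypothetical; only the early return on the error state mirrors the reverted check.

```c
/* Added user-space model; NOT the iris driver or vb2 source. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#define NBUF 4
enum inst_state { INST_STREAMING, INST_ERROR };   /* INST_ERROR stands in for IRIS_INST_ERROR */
enum buf_owner  { OWNER_VB2, OWNER_DRIVER };
struct model { enum inst_state state; enum buf_owner owner[NBUF]; bool fw_session_open; };

/* Teardown that every stop path must perform: complete buffers, close the session. */
static void teardown(struct model *m)
{
    for (int i = 0; i < NBUF; i++)
        m->owner[i] = OWNER_VB2;          /* models handing the buffer back to vb2 */
    m->fw_session_open = false;
}

/* Behaviour with the reverted check: nothing happens once the instance is in error. */
static void stop_streaming_with_check(struct model *m)
{
    if (m->state == INST_ERROR)
        return;                           /* buffer return and teardown are skipped */
    teardown(m);
}

/* Behaviour after the revert: teardown runs regardless of instance state. */
static void stop_streaming_reverted(struct model *m) { teardown(m); }

/* Runs one session; returns how many buffers the driver still holds after stop. */
static int run(bool with_check, bool session_fails, bool *fw_left_open)
{
    struct model m = { .state = session_fails ? INST_ERROR : INST_STREAMING, .fw_session_open = true };
    int held = 0;
    for (int i = 0; i < NBUF; i++)
        m.owner[i] = OWNER_DRIVER;        /* queued buffers belong to the driver */
    if (with_check) stop_streaming_with_check(&m);
    else            stop_streaming_reverted(&m);
    for (int i = 0; i < NBUF; i++)
        held += (m.owner[i] == OWNER_DRIVER);
    *fw_left_open = m.fw_session_open;
    return held;
}

int main(void)
{
    bool fw;
    printf("check kept, failed session: %d buffers still held\n", run(true, true, &fw));
    printf("reverted,   failed session: %d buffers still held\n", run(false, true, &fw));
    return 0;
}
```

A non-zero count after the stop call corresponds to the condition the description says triggers the vb2 core warnings.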

Affected Systems

All Linux kernel releases that contain the commit that added the problematic safety check are affected. The vulnerability persists until the change is removed by reverting that commit or applying an equivalent patch. Systems using the iris driver from that commit onward, especially those that encounter early streaming errors, are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is reported as < 1%, and the flaw is not listed in CISA's KEV catalog, suggesting low exploitation activity. Based on the description, it is inferred that an attacker would need local or elevated privileges to trigger a streaming error on iris hardware; after the error occurs, the driver’s improper cleanup could lead to resource leaks or firmware inconsistency. Because both attack conditions are relatively uncommon and the exploit requires physical or privileged access, the overall risk remains moderate but should be addressed promptly.

Generated by OpenCVE AI on May 13, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel that reverts the iris safety check or applies a patch that restores correct stop_streaming behavior.
  • If an immediate kernel upgrade is not feasible, disable the iris media driver or avoid using camera hardware that relies on it until the issue is resolved.
  • Continuously monitor system logs for vb2 core warnings about unreleased buffers and ensure that any streaming errors trigger a clean firmware reset by editing driver settings or using external reset scripts.

Generated by OpenCVE AI on May 13, 2026 at 23:51 UTC.

Advisories

No advisories yet.

History

Thu, 14 May 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-795

Wed, 13 May 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-803

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-803

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused multiple regressions: 1. Buffers were not returned to vb2 when the instance was already in error state, triggering warnings in the vb2 core because buffer completion was skipped. 2. If a session failed early (e.g. unsupported configuration), the instance transitioned to IRIS_INST_ERROR. When userspace attempted to stop streaming for cleanup, stop_streaming was skipped due to the added check, preventing proper teardown and leaving the firmware in an inconsistent state.
Title Revert "media: iris: Add sanity check for stop streaming"
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:26.572Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43151

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:32.827

Modified: 2026-05-13T20:12:57.850

Link: CVE-2026-43151

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43151 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T00:00:07Z