CVE-2026-43151 - Vulnerability Details

- Revert "media: iris: Add sanity check for stop streaming"

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "media: iris: Add sanity check for stop streaming"

This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.

Revert the check that skipped stop_streaming when the instance was in
IRIS_INST_ERROR, as it caused multiple regressions:

1. Buffers were not returned to vb2 when the instance was already in
error state, triggering warnings in the vb2 core because buffer
completion was skipped.

2. If a session failed early (e.g. unsupported configuration), the
instance transitioned to IRIS_INST_ERROR. When userspace attempted
to stop streaming for cleanup, stop_streaming was skipped due to the
added check, preventing proper teardown and leaving the firmware
in an inconsistent state.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel media:iris driver was changed by adding a sanity check that prevented the stop_streaming function from being called when the instance was in an error state. This change caused buffers to remain allocated, triggering warnings and preventing proper teardown of the driver when a session failed early. The result is a resource leak and an inconsistent firmware state that could lead to system instability or denial of service on affected media devices.

Affected Systems

The vulnerability affects the Linux kernel in all releases that contain the commit adding the sanity check for iris devices. The exact version range is not specified, but any system with the iris driver after the problematic commit is potentially affected.

Risk and Exploitability

The vulnerability has no publicly reported exploits and no EPSS score is available. It is a local issue that requires privileged access to the kernel through a userspace interaction with the iris driver. The lack of a KEV listing and the absence of a CVSS score suggest moderate risk; however, if an attacker can trigger a streaming error on an iris device they may force a resource exhaustion condition.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`f8b136296722e258ec43237a35f72c92a6d4501a`	affected	< bd4f8fa216182f33c06d4c1e162975a0c42fb14e
`ad699fa78b59241c9d71a8cafb51525f3dab04d4`	affected	< a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398
`ad699fa78b59241c9d71a8cafb51525f3dab04d4`	affected	< 370e19042fb8ac68109f8bdb0fdd8118baf39318

Linux

affected

Version	Status	Constraints
`6.19`	affected	—
`0`	unaffected	< 6.19
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[f8b136296722e258ec43237a35f72c92a6d4501a,bd4f8fa216182f33c06d4c1e162975a0c42fb14e)`	affected	code_commit	—
`[ad699fa78b59241c9d71a8cafb51525f3dab04d4,a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398)`	affected	code_commit	—
`[ad699fa78b59241c9d71a8cafb51525f3dab04d4,370e19042fb8ac68109f8bdb0fdd8118baf39318)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.19`	affected	semver	—
`[0,6.19)`	unaffected	semver	—
`[6.18.16,6.18.*]`	unaffected	semver	—
`[6.19.6,6.19.*]`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a release that includes the revert of commit ad699fa78b59241c9d71a8cafb51525f3dab04d4 or apply the patch that removes the sanity check.
For systems that cannot be upgraded immediately, consider disabling the iris media driver or avoiding use of camera hardware that relies on it until a patch is applied.
Monitor system logs for warnings from the vb2 core indicating unreleased buffers and ensure firmware state is cleaned up after failures.

Generated by OpenCVE AI on May 6, 2026 at 13:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/370e19042fb8ac68109f8bdb0fdd8118baf39318
https://git.kernel.org/stable/c/a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398
https://git.kernel.org/stable/c/bd4f8fa216182f33c06d4c1e162975a0c42fb14e

History

Wed, 06 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-803

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused multiple regressions: 1. Buffers were not returned to vb2 when the instance was already in error state, triggering warnings in the vb2 core because buffer completion was skipped. 2. If a session failed early (e.g. unsupported configuration), the instance transitioned to IRIS_INST_ERROR. When userspace attempted to stop streaming for cleanup, stop_streaming was skipped due to the added check, preventing proper teardown and leaving the firmware in an inconsistent state.
Title		Revert "media: iris: Add sanity check for stop streaming"
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/370e19042fb8ac68109f8bdb0fdd8118baf39318 https://git.kernel.org/stable/c/a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398 https://git.kernel.org/stable/c/bd4f8fa216182f33c06d4c1e162975a0c42fb14e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:33.084Z

Updated: 2026-05-06T11:27:33.084Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43151

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:32.827

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:00:11Z

Weaknesses

CWE-803

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object