Description
In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix PM runtime usage count underflow

Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in
the remove path to properly pair with pm_runtime_use_autosuspend() from
probe. This allows pm_runtime_disable() to handle reference count cleanup
correctly regardless of current suspend state.

The driver calls pm_runtime_put_sync() unconditionally in remove, but the
device may already be suspended due to autosuspend configured in probe.
When autosuspend has already suspended the device, the usage count is 0,
and pm_runtime_put_sync() decrements it to -1.

This causes the following warning on module unload:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430
kthread_destroy_worker+0x84/0x98
...
vdec 30210000.video-codec: Runtime PM usage count underflow!
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s media driver, the removal path mistakenly called pm_runtime_put_sync() without accounting for autosuspend. When the device had already entered suspend, the runtime usage count was zero and the call decremented it to –1, producing a warning on module unload. This mis‑management of the usage counter does not lead to a crash, data corruption, or privilege escalation; it only triggers a kernel warning. The impact is limited to a console log entry and does not compromise confidentiality, integrity, or availability.

Affected Systems

The flaw exists in the Linux kernel’s chips‑media wave5 driver. All kernel releases that include this driver prior to the commit fixing the underflow may be affected. Linux distributions that have not yet upgraded to a kernel containing the patch could experience the warning when the driver is unloaded.

Risk and Exploitability

Based on the description, the likely attack vector is inferred to be a local attacker who can load or unload kernel modules, which typically requires privileged access. The CVSS base score is 5.5, reflecting a moderate level of risk, while the EPSS score is < 1%, indicating a low likelihood of exploitation. This vulnerability is not listed in the CISA KEV catalog. The issue manifests as a warning on module unload when a device that autosuspend has already suspended is removed; it does not lead to a crash, data corruption, or privilege escalation. Although the flaw can be triggered by a privileged user, there is no remote or privilege‑escalation vector, so exploitation is currently unlikely to be a serious threat.

Generated by OpenCVE AI on May 15, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that incorporates the patch from commit 0bffda02317989f8d5cdc2d4462a4110b1290cf0 which replaces pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend()
  • If an immediate kernel upgrade is not feasible, temporarily disable autosuspend or runtime power management for the affected device until the kernel can be updated
  • For systems running custom or older kernels, rebuild the kernel after applying the wave5 driver patch to include the corrected pm_runtime_dont_use_autosuspend() logic
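
To check whether a host has already hit this condition and whether runtime PM is still allowed for the device, the following is an added example, not part of the advisory or the kernel tree. The function names, the sample timestamps and the sysfs device path in the comments are assumptions; the warning text and device name are the ones quoted in the description.

```shell
#!/bin/sh
# Constructed sample: timestamps and the USB line are made up; the warning
# text and device name are the ones quoted in the description above.
SAMPLE_LOG='[  812.440021] vdec 30210000.video-codec: Runtime PM usage count underflow!
May 15 16:30:03 host kernel: vdec 30210000.video-codec: Runtime PM usage count underflow!
[  900.000001] usb 1-1: new high-speed USB device number 2 using xhci_hcd'

# Read kernel log text on stdin (dmesg or journalctl -k output) and print
# "<hits> <driver> <device>" for every device that logged the underflow
# warning. Exit status is 0 if at least one hit was found, 1 otherwise.
find_pm_underflow() {
    awk '
    {
        idx = index($0, ": Runtime PM usage count underflow!")
        if (idx == 0) next
        # The message is prefixed with "<driver> <device>"; those are the
        # last two whitespace-separated fields before the message text.
        n = split(substr($0, 1, idx - 1), f, /[ \t]+/)
        if (n < 2) next
        hits[f[n-1] " " f[n]]++
        found = 1
    }
    END {
        for (k in hits) print hits[k], k | "sort"
        close("sort")
        exit(found ? 0 : 1)
    }'
}

# Report the runtime-PM policy of one device directory under sysfs.
# power/control is "auto" (runtime PM, and so autosuspend, allowed) or
# "on" (device kept active). Prints "<control> <runtime_status>".
pm_policy() {
    devdir=$1
    [ -r "$devdir/power/control" ] || { echo "unknown unknown"; return 1; }
    control=$(cat "$devdir/power/control")
    status=$(cat "$devdir/power/runtime_status" 2>/dev/null || echo unknown)
    echo "$control $status"
}

# Offline check against the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | find_pm_underflow   # -> 2 vdec 30210000.video-codec
# On a live host (the device path is an assumption, adjust it to your board):
#   dmesg | find_pm_underflow
#   pm_policy /sys/bus/platform/devices/30210000.video-codec
```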


Advisories

No advisories yet.

History

Fri, 15 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399

Fri, 15 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-191
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Tue, 12 May 2026 00:15:00 +0000


Fri, 08 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state. The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pm_runtime_put_sync() decrements it to -1. This causes the following warning on module unload: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthread_destroy_worker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!
Title media: chips-media: wave5: Fix PM runtime usage count underflow
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:54.560Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43301

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:37.340

Modified: 2026-05-15T13:37:05.710

Link: CVE-2026-43301

Redhat

Severity :

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43301 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T16:30:03Z

Weaknesses