CVE-2026-43301 - Vulnerability Details

- media: chips-media: wave5: Fix PM runtime usage count underflow

Description

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix PM runtime usage count underflow

Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in
the remove path to properly pair with pm_runtime_use_autosuspend() from
probe. This allows pm_runtime_disable() to handle reference count cleanup
correctly regardless of current suspend state.

The driver calls pm_runtime_put_sync() unconditionally in remove, but the
device may already be suspended due to autosuspend configured in probe.
When autosuspend has already suspended the device, the usage count is 0,
and pm_runtime_put_sync() decrements it to -1.

This causes the following warning on module unload:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430
kthread_destroy_worker+0x84/0x98
...
vdec 30210000.video-codec: Runtime PM usage count underflow!

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel’s media driver, the removal path erroneously called pm_runtime_put_sync() without accounting for autosuspend. When the device had already entered suspend, the runtime usage count was zero and the call decremented it to –1, producing a warning on module unload. This mis‑management of the usage counter does not lead to a crash, data corruption, or privilege escalation; it only triggers a kernel warning. The impact is limited to a console log entry and does not compromise confidentiality, integrity, or availability.

Affected Systems

The flaw exists in the Linux kernel’s chips‑media wave5 driver. All kernel releases that include this driver prior to the commit fixing the underflow may be affected. Linux distributions that have not yet upgraded to a kernel containing the patch could experience the warning when the driver is unloaded.

Risk and Exploitability

No CVSS or EPSS score is provided, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw merely generates a warning and requires no special privilege or remote access to trigger, the risk is low. The likely attack vector is a local attacker or administrator who can load or unload kernel modules, a privilege that is already required for modifying system code. Active exploitation is improbable and the vulnerability is unlikely to be used in attacks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 3a278a55ead50db2444c8f01410c7f5a68723990
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 0bffda02317989f8d5cdc2d4462a4110b1290cf0
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38

Linux

affected

Version	Status	Constraints
`6.8`	affected	—
`0`	unaffected	< 6.8
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[9707a6254a8a6b978bde811a44fe07d86c229d1c,3a278a55ead50db2444c8f01410c7f5a68723990)`	affected	code_commit	—
`[9707a6254a8a6b978bde811a44fe07d86c229d1c,0bffda02317989f8d5cdc2d4462a4110b1290cf0)`	affected	code_commit	—
`[9707a6254a8a6b978bde811a44fe07d86c229d1c,9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.8`	affected	semver	—
`[0,6.8)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that incorporates the patch from commit 0bffda02317989f8d5cdc2d4462a4110b1290cf0 which replaces pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend()
If an immediate kernel upgrade is not feasible, temporarily disable autosuspend or runtime power management for the affected device until the kernel can be updated
For systems running custom or older kernels, rebuild the kernel after applying the wave5 driver patch to include the corrected pm_runtime_dont_use_autosuspend() logic

Generated by OpenCVE AI on May 8, 2026 at 15:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0bffda02317989f8d5cdc2d4462a4110b1290cf0
https://git.kernel.org/stable/c/3a278a55ead50db2444c8f01410c7f5a68723990
https://git.kernel.org/stable/c/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38

History

Fri, 08 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state. The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pm_runtime_put_sync() decrements it to -1. This causes the following warning on module unload: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthread_destroy_worker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!
Title		media: chips-media: wave5: Fix PM runtime usage count underflow
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0bffda02317989f8d5cdc2d4462a4110b1290cf0 https://git.kernel.org/stable/c/3a278a55ead50db2444c8f01410c7f5a68723990 https://git.kernel.org/stable/c/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:22.234Z

Updated: 2026-05-08T13:11:22.234Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43301

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:37.340

Modified: 2026-05-08T14:16:37.340

Link: CVE-2026-43301

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T18:15:13Z

Weaknesses

CWE-399

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object