CVE-2026-43310 - Vulnerability Details

- media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

Description

In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and
g2 VPU cannot decode simultaneously; otherwise, it will cause below bus
error and produce corrupted pictures, even potentially lead to system hang.

[ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out.
[ 110.583517] hantro-vpu 38310000.video-codec: bus error detected.

Therefore, it is necessary to ensure that g1 and g2 operate alternately.
This allows for successful multi-instance decoding of H.264 and HEVC.

To achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the
v4l2_m2m_dev can handle the scheduling.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel media driver for Verisilicon VPUs on the i.MX8MQ board, running the g1 and g2 VPU sub‑systems simultaneously can trigger a bus error that corrupts decoded frames and may cause a system crash. The weakness arises from inadequate scheduling between the two hardware units, resulting in a denial‑of‑service impact that affects only availability; there is no direct threat to confidentiality or integrity.

Affected Systems

The flaw affects any device that runs the Linux kernel with the Verisilicon H.264/HEVC driver on an i.MX8MQ system. No specific kernel release is listed, so any kernel incorporating the affected driver code before the patch is vulnerable.

Risk and Exploitability

The CVSS score is not publicly disclosed, and the EPSS score is unavailable; the flaw is not listed in CISA’s KEV catalog. The only practical attack vector is local: a user able to initiate media decoding—such as a malicious video stream or application—could trigger the bus error, leading to frame corruption or a full system hang. Exploitation requires local or privileged access to the device and delivers a denial‑of‑service effect.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c`	affected	< 286d629d10640bc22f3bf46aa4f356eb7975e862
`cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c`	affected	< e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765

Linux

affected

Version	Status	Constraints
`5.14`	affected	—
`0`	unaffected	< 5.14
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c,286d629d10640bc22f3bf46aa4f356eb7975e862)`	affected	code_commit	—
`[cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c,e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.14`	affected	generic	—
`[0,5.14)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a Linux kernel update that includes the Verisilicon driver patch referenced in the kernel commit URLs.
Configure the VPU driver to enforce alternating usage of the g1 and g2 units through the shared v4l2_m2m_dev scheduler.
If an immediate kernel update is not possible, prevent simultaneous use of both VPU units by disabling one in the media pipeline or limiting the system to single‑instance H.264/HEVC decoding.

Generated by OpenCVE AI on May 9, 2026 at 03:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/286d629d10640bc22f3bf46aa4f356eb7975e862
https://git.kernel.org/stable/c/e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765
https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43310-4485@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43310
https://www.cve.org/CVERecord?id=CVE-2026-43310

History

Sat, 09 May 2026 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-673

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
References		https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43310-4485@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43310 https://www.cve.org/CVERecord?id=CVE-2026-43310

Fri, 08 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-673

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produce corrupted pictures, even potentially lead to system hang. [ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out. [ 110.583517] hantro-vpu 38310000.video-codec: bus error detected. Therefore, it is necessary to ensure that g1 and g2 operate alternately. This allows for successful multi-instance decoding of H.264 and HEVC. To achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the v4l2_m2m_dev can handle the scheduling.
Title		media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/286d629d10640bc22f3bf46aa4f356eb7975e862 https://git.kernel.org/stable/c/e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:28.372Z

Updated: 2026-05-08T13:11:28.372Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43310

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:38.370

Modified: 2026-05-08T14:16:38.370

Link: CVE-2026-43310

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43310 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses

CWE-770

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object