Null Dereference Vulnerability in Linux Kernel Media Chips
CVE-2026-43263

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43263?

A vulnerability has been identified in the Linux kernel, specifically within the media chips component related to wave5. This issue arises when multiple instances are created or destroyed, leading to a series of interrupts that may result in null dereference due to inadequate locking mechanisms. The shared structure 'vpu_instance' is utilized across all flows within the decoder, and without proper protection, this can lead to potential system instability. A modification in the IRQ handler has been implemented, which involves splitting the handler into two phases and introducing a locking mechanism to mitigate the risks associated with this vulnerability.

Affected Version(s)

Linux 9707a6254a8a6b978bde811a44fe07d86c229d1c

References

https://git.kernel.org/stable/c/ea316b784fe6a61b29131c98c...

https://git.kernel.org/stable/c/d12bcf183ec7da4305d848068...

https://git.kernel.org/stable/c/e66ff2b08e4ee1c4d3b84f248...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43263 Data

JSON