SB2026050787 - Improper resource shutdown or release in Linux kernel chips-media wave5 driver



SB2026050787 - Improper resource shutdown or release in Linux kernel chips-media wave5 driver

Published: May 7, 2026

Security Bulletin ID SB2026050787
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper resource shutdown or release (CVE-ID: CVE-2026-43247)

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper power state management in the wave5 video decoder driver when queuing video buffers through the V4L2 ioctl interface after an autosuspend timeout triggers suspend mode. A local user can send crafted ioctl requests to trigger a kernel panic and cause a denial of service.

The issue was observed as an asynchronous SError interrupt leading to a kernel panic during decoder buffer queue operations.


Remediation

Install update from vendor's website.