CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: solo6x10: Check for out of bounds chip_id<br /> <br /> Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type<br /> (literal "1" is an "int") could end up being shifted beyond 32 bits,<br /> so instrumentation was added (and due to the double is_tw286x() call<br /> seen via inlining), Clang decides the second one must now be undefined<br /> behavior and elides the rest of the function[1]. This is a known problem<br /> with Clang (that is still being worked on), but we can avoid the entire<br /> problem by actually checking the existing max chip ID, and now there is<br /> no runtime instrumentation added at all since everything is known to be<br /> within bounds.<br /> <br /> Additionally use an unsigned value for the shift to remove the<br /> instrumentation even without the explicit bounds checking.<br /> <br /> [hverkuil: fix checkpatch warning for is_tw286x]