CVE-2026-43229
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/05/2026
Last modified: 08/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

Move video device unregistration to the beginning of the remove function
to ensure all video operations are stopped before cleaning up the worker
thread and disabling PM runtime. This prevents hardware register access
after the device has been powered down.

In polling mode, the hrtimer periodically triggers
wave5_vpu_timer_callback() which queues work to the kthread worker.
The worker executes wave5_vpu_irq_work_fn() which reads hardware
registers via wave5_vdi_read_register().

The original cleanup order disabled PM runtime and powered down hardware
before unregistering video devices. When autosuspend triggers and powers
off the hardware, the video devices are still registered and the worker
thread can still be triggered by the hrtimer, causing it to attempt
reading registers from powered-off hardware. This results in a bus error
(synchronous external abort) and kernel panic.

This causes random kernel panics during encoding operations:

Internal error: synchronous external abort: 0000000096000010
[#1] PREEMPT SMP
Modules linked in: wave5 rpmsg_ctrl rpmsg_char ...
CPU: 0 UID: 0 PID: 1520 Comm: vpu_irq_thread
Tainted: G M W
pc : wave5_vdi_read_register+0x10/0x38 [wave5]
lr : wave5_vpu_irq_work_fn+0x28/0x60 [wave5]
Call trace:
wave5_vdi_read_register+0x10/0x38 [wave5]
kthread_worker_fn+0xd8/0x238
kthread+0x104/0x120
ret_from_fork+0x10/0x20
Code: aa1e03e9 d503201f f9416800 8b214000 (b9400000)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: synchronous external abort:
Fatal exception
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.12.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.6 (excluding) |
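A triage helper for this entry, added here as an example and not part of the advisory or the kernel project: it checks a `uname -r` string against the ranges in the table above and scans kernel log text for the panic signature quoted in the description. The function names and the sample log are constructed for illustration, and the ranges are the upstream ones listed here, so a vendor kernel with a backported fix can still fall inside them.

```python
import re

# Affected ranges from the table above: (first affected, first fixed).
AFFECTED = [((6, 8, 0), (6, 12, 75)),
            ((6, 13, 0), (6, 18, 16)),
            ((6, 19, 0), (6, 19, 6))]

# One oops block: from the "Internal error" line to the end-trace marker.
OOPS = re.compile(
    r"Internal error: synchronous external abort(.*?)(?:---\[ end trace|\Z)",
    re.S)

def parse_release(release):
    """Turn a `uname -r` string such as '6.12.40-ti-arm64' into (6, 12, 40)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    """True if the release falls in one of the upstream affected ranges."""
    v = parse_release(release)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def has_panic_signature(log_text):
    """True if an external-abort oops faulted in the wave5 register read."""
    return any("pc : wave5_vdi_read_register+" in m.group(1)
               for m in OOPS.finditer(log_text))

def triage(release, wave5_present, log_text=""):
    """wave5_present: whether the wave5 driver is loaded or built in."""
    if has_panic_signature(log_text):
        return "panic-observed"
    if wave5_present and in_affected_range(release):
        return "exposed"
    return "not-exposed"

# Constructed sample: lines from the trace above with made-up timestamps.
SAMPLE_LOG = """\
[ 812.104] Internal error: synchronous external abort: 0000000096000010
[ 812.104] CPU: 0 UID: 0 PID: 1520 Comm: vpu_irq_thread
[ 812.105] pc : wave5_vdi_read_register+0x10/0x38 [wave5]
[ 812.105] lr : wave5_vpu_irq_work_fn+0x28/0x60 [wave5]
[ 812.106] ---[ end trace 0000000000000000 ]---
"""

if __name__ == "__main__":
    print(triage("6.12.40-ti-arm64", True))
    print(triage("6.12.75", True, SAMPLE_LOG))
```
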



