CVE-2026-43229
Awaiting Analysis Awaiting Analysis - Queue
Kernel panic in ChipsMedia WAVE5 Video Driver

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread and disabling PM runtime. This prevents hardware register access after the device has been powered down. In polling mode, the hrtimer periodically triggers wave5_vpu_timer_callback() which queues work to the kthread worker. The worker executes wave5_vpu_irq_work_fn() which reads hardware registers via wave5_vdi_read_register(). The original cleanup order disabled PM runtime and powered down hardware before unregistering video devices. When autosuspend triggers and powers off the hardware, the video devices are still registered and the worker thread can still be triggered by the hrtimer, causing it to attempt reading registers from powered-off hardware. This results in a bus error (synchronous external abort) and kernel panic. This causes random kernel panics during encoding operations: Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP Modules linked in: wave5 rpmsg_ctrl rpmsg_char ... CPU: 0 UID: 0 PID: 1520 Comm: vpu_irq_thread Tainted: G M W pc : wave5_vdi_read_register+0x10/0x38 [wave5] lr : wave5_vpu_irq_work_fn+0x28/0x60 [wave5] Call trace: wave5_vdi_read_register+0x10/0x38 [wave5] kthread_worker_fn+0xd8/0x238 kthread+0x104/0x120 ret_from_fork+0x10/0x20 Code: aa1e03e9 d503201f f9416800 8b214000 (b9400000) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: synchronous external abort: Fatal exception
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43229
EUVD
EUVD-2026-27792
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's chips-media wave5 driver. It occurs because the device cleanup order was incorrect during the removal process.

Specifically, the video device unregistration was done after powering down the hardware and disabling power management runtime. This caused the worker thread to still be active and attempt to read hardware registers from powered-off hardware.

When the hardware is powered down but the video devices remain registered, a periodic timer triggers work that reads hardware registers, leading to a bus error (synchronous external abort) and causing the kernel to panic.


How can this vulnerability impact me? :

This vulnerability can cause random kernel panics during encoding operations on affected systems.

A kernel panic is a fatal error that stops the operating system from functioning, which can lead to system crashes, data loss, and service interruptions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as random kernel panics during encoding operations involving the wave5 media driver in the Linux kernel.

You can detect it by monitoring your system logs for kernel panic messages similar to the following:

  • Internal error: synchronous external abort: 0000000096000010
  • Call trace involving wave5_vdi_read_register and wave5_vpu_irq_work_fn

To check for such kernel panic messages, you can use commands like:

  • dmesg | grep -i 'wave5_vdi_read_register'
  • journalctl -k | grep -i 'synchronous external abort'
  • grep -i 'kernel panic' /var/log/kern.log

Additionally, monitoring for unexpected reboots or crashes during encoding operations involving the wave5 driver can help detect this issue.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is caused by improper device cleanup order in the wave5 media driver, leading to kernel panics when hardware registers are accessed after the device is powered down.

Immediate mitigation steps include:

  • Update the Linux kernel to a version where this issue is fixed, which involves moving video device unregistration to the beginning of the remove function.
  • Avoid running encoding operations that use the wave5 driver until the fix is applied.
  • If updating the kernel is not immediately possible, consider disabling the wave5 media driver or related modules to prevent triggering the vulnerable code path.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not include any details about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart