CVE-2026-43235
Missing Platform Data in Linux Kernel Iris Driver for SM8750
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's media iris driver involves missing platform data entries for the SM8750 hardware. Specifically, two fields were omitted: get_vpu_buffer_size and max_core_mbps.
The missing get_vpu_buffer_size field causes the driver to fail to allocate necessary internal buffers, which leads to basic decode and encode failures when starting a session.
The missing max_core_mbps field results in incomplete capability checks, causing the encoder to fail v4l2-compliance tests.
How can this vulnerability impact me? :
The impact of this vulnerability is that video decoding and encoding operations may fail due to the driver not allocating required internal buffers.
Additionally, the encoder may not pass compliance checks, potentially leading to malfunction or degraded performance in video processing tasks on affected hardware.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not mention any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.