CVE-2026-43301
Runtime PM Usage Count Underflow in Linux Kernel Video Codec Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's chips-media wave5 driver related to power management runtime (PM runtime) usage count handling.
The issue occurs because the driver calls pm_runtime_put_sync() unconditionally during device removal, but the device may already be suspended due to autosuspend configured during probe.
When autosuspend has already suspended the device, the usage count is zero, and calling pm_runtime_put_sync() decrements it to -1, causing a usage count underflow.
This underflow triggers a warning message on module unload indicating a runtime PM usage count underflow.
The fix replaces pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe, allowing pm_runtime_disable() to correctly handle reference count cleanup regardless of suspend state.
How can this vulnerability impact me? :
This vulnerability causes a runtime PM usage count underflow warning during module unload in the Linux kernel driver.
While the description does not specify direct security impacts such as privilege escalation or denial of service, the warning indicates improper power management reference counting which could potentially lead to unstable driver behavior or kernel warnings.
However, no explicit impact on system security or functionality beyond the warning is detailed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing warning messages related to runtime PM usage count underflow in the kernel logs.
Specifically, look for the warning message similar to:
- WARNING: CPU: <cpu_id> PID: <pid> at kernel/kthread.c:<line_number>
- vdec 30210000.video-codec: Runtime PM usage count underflow!
You can check for this message by running the following command to search kernel logs:
- dmesg | grep 'Runtime PM usage count underflow'
Alternatively, you can monitor system logs (e.g., /var/log/kern.log or /var/log/messages) for similar warnings.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is caused by improper handling of the PM runtime usage count in the chips-media wave5 driver.
Immediate mitigation involves updating the Linux kernel to a version where this issue is fixed.
The fix replaces the call to pm_runtime_put_sync() in the remove path with pm_runtime_dont_use_autosuspend(), ensuring proper pairing with pm_runtime_use_autosuspend() from probe.
This allows pm_runtime_disable() to correctly handle reference count cleanup regardless of the current suspend state, preventing usage count underflow.
Therefore, applying the patch or upgrading to a kernel version including this fix is the recommended immediate step.