CVE-2026-43301
Received Received - Intake
Runtime PM Usage Count Underflow in Linux Kernel Video Codec Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state. The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pm_runtime_put_sync() decrements it to -1. This causes the following warning on module unload: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthread_destroy_worker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43301
EUVD
EUVD-2026-28571
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's chips-media wave5 driver related to power management runtime (PM runtime) usage count handling.

The issue occurs because the driver calls pm_runtime_put_sync() unconditionally during device removal, but the device may already be suspended due to autosuspend configured during probe.

When autosuspend has already suspended the device, the usage count is zero, and calling pm_runtime_put_sync() decrements it to -1, causing a usage count underflow.

This underflow triggers a warning message on module unload indicating a runtime PM usage count underflow.

The fix replaces pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe, allowing pm_runtime_disable() to correctly handle reference count cleanup regardless of suspend state.

Impact Analysis

This vulnerability causes a runtime PM usage count underflow warning during module unload in the Linux kernel driver.

While the description does not specify direct security impacts such as privilege escalation or denial of service, the warning indicates improper power management reference counting which could potentially lead to unstable driver behavior or kernel warnings.

However, no explicit impact on system security or functionality beyond the warning is detailed.

Detection Guidance

This vulnerability can be detected by observing warning messages related to runtime PM usage count underflow in the kernel logs.

Specifically, look for the warning message similar to:

  • WARNING: CPU: <cpu_id> PID: <pid> at kernel/kthread.c:<line_number>
  • vdec 30210000.video-codec: Runtime PM usage count underflow!

You can check for this message by running the following command to search kernel logs:

  • dmesg | grep 'Runtime PM usage count underflow'

Alternatively, you can monitor system logs (e.g., /var/log/kern.log or /var/log/messages) for similar warnings.

Mitigation Strategies

The vulnerability is caused by improper handling of the PM runtime usage count in the chips-media wave5 driver.

Immediate mitigation involves updating the Linux kernel to a version where this issue is fixed.

The fix replaces the call to pm_runtime_put_sync() in the remove path with pm_runtime_dont_use_autosuspend(), ensuring proper pairing with pm_runtime_use_autosuspend() from probe.

This allows pm_runtime_disable() to correctly handle reference count cleanup regardless of the current suspend state, preventing usage count underflow.

Therefore, applying the patch or upgrading to a kernel version including this fix is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43301. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart