CVE-2026-43310
Received Received - Intake
Bus Error in Linux Kernel VPU Decoding

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produce corrupted pictures, even potentially lead to system hang. [ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out. [ 110.583517] hantro-vpu 38310000.video-codec: bus error detected. Therefore, it is necessary to ensure that g1 and g2 operate alternately. This allows for successful multi-instance decoding of H.264 and HEVC. To achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the v4l2_m2m_dev can handle the scheduling.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43310
EUVD
EUVD-2026-28580
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
verisilicon h.264 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel related to the Verisilicon media driver on the i.MX8MQ platform. The hardware has a limitation where the g1 VPU and g2 VPU cannot decode video streams simultaneously. If both VPUs attempt to decode H.264 and HEVC streams at the same time, it causes a bus error, resulting in corrupted video frames and potentially causing the system to hang.

To prevent this, the system must ensure that the g1 and g2 VPUs operate alternately rather than concurrently. This is managed by having both VPUs share the same v4l2_m2m_dev device, which handles scheduling to avoid simultaneous decoding and thus prevents the bus error.

Impact Analysis

If this vulnerability is triggered, it can cause bus errors during video decoding, leading to corrupted video output and potentially causing the entire system to hang or become unresponsive. This can disrupt media playback or processing on affected devices using the i.MX8MQ platform with the Verisilicon VPUs.

Detection Guidance

This vulnerability can be detected by monitoring system logs for specific error messages related to the hardware limitation on the i.MX8MQ platform when decoding H.264 and HEVC streams.

  • Look for kernel log messages such as: "hantro-vpu 38310000.video-codec: frame decode timed out."
  • Look for kernel log messages such as: "hantro-vpu 38310000.video-codec: bus error detected."

You can use the following command to check for these messages in the kernel log:

  • dmesg | grep -E 'hantro-vpu.*(frame decode timed out|bus error detected)'
Mitigation Strategies

To mitigate this vulnerability, ensure that the g1 and g2 VPU units do not decode simultaneously on the i.MX8MQ platform.

This can be achieved by configuring the system so that g1 and g2 operate alternately, preventing bus errors and corrupted pictures.

Specifically, g1 and g2 should share the same v4l2_m2m_dev device, which will handle scheduling and enforce alternate operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart