CVE-2026-43151

EUVD-2026-27714

06.05.2026, 12:16

In the Linux kernel, the following vulnerability has been resolved:

Revert "media: iris: Add sanity check for stop streaming"

This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.

Revert the check that skipped stop_streaming when the instance was in
IRIS_INST_ERROR, as it caused multiple regressions:

1. Buffers were not returned to vb2 when the instance was already in
   error state, triggering warnings in the vb2 core because buffer
   completion was skipped.

2. If a session failed early (e.g. unsupported configuration), the
   instance transitioned to IRIS_INST_ERROR. When userspace attempted
   to stop streaming for cleanup, stop_streaming was skipped due to the
   added check, preventing proper teardown and leaving the firmware
   in an inconsistent state.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.159-1 fixed
bookworm (security)	6.1.170-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-4 fixed
forky	6.19.14-1 fixed
sid	7.0.4-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.86-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht spezifizierte Angriffe durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-06T22:00:00+00:00

References

https://git.kernel.org/stable/c/370e19042fb8ac68109f8bdb0fdd8118baf39318

https://git.kernel.org/stable/c/a58b9d1c1cf81c0b29f1983c63c3e0c0caa68398

https://git.kernel.org/stable/c/bd4f8fa216182f33c06d4c1e162975a0c42fb14e