Bug 2468130 (CVE-2026-43310)

Summary: CVE-2026-43310 kernel: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's Verisilicon media driver. On the i.MX8MQ platform, simultaneous decoding of H.264 and HEVC video streams by the g1 and g2 Video Processing Units (VPUs) can lead to a bus error. This issue can result in corrupted video output and potentially cause a system hang, leading to a Denial of Service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-08 14:05:58 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and
g2 VPU cannot decode simultaneously; otherwise, it will cause below bus
error and produce corrupted pictures, even potentially lead to system hang.

[  110.527986] hantro-vpu 38310000.video-codec: frame decode timed out.
[  110.583517] hantro-vpu 38310000.video-codec: bus error detected.

Therefore, it is necessary to ensure that g1 and g2 operate alternately.
This allows for successful multi-instance decoding of H.264 and HEVC.

To achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the
v4l2_m2m_dev can handle the scheduling.
Comment 1 Keith Grant 2026-05-08 18:55:21 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43310-4485@gregkh/T