Bug 2461493 (CVE-2026-31573) - CVE-2026-31573 kernel: media: verisilicon: Fix kernel panic due to __initconst misuse
Summary: CVE-2026-31573 kernel: media: verisilicon: Fix kernel panic due to __initcons...
Keywords:
Status: NEW
Alias: CVE-2026-31573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-24 15:04 UTC by OSIDB Bzimport
Modified: 2026-04-24 18:12 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-24 15:04:46 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: Fix kernel panic due to __initconst misuse

Fix a kernel panic when probing the driver as a module:

  Unable to handle kernel paging request at virtual address
  ffffd9c18eb05000
  of_find_matching_node_and_match+0x5c/0x1a0
  hantro_probe+0x2f4/0x7d0 [hantro_vpu]

The imx8mq_vpu_shared_resources array is referenced by variant
structures through their shared_devices field. When built as a
module, __initconst causes this data to be freed after module
init, but it's later accessed during probe, causing a page fault.

The imx8mq_vpu_shared_resources is referenced from non-init code,
so keeping __initconst or __initconst_or_module here is wrong.

Drop the __initconst annotation and let it live in the normal .rodata
section.

A bug of __initconst called from regular non-init probe code
leading to bugs during probe deferrals or during unbind-bind cycles.
Comment 1 Keith Grant 2026-04-24 18:10:50 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042403-CVE-2026-31573-4d0a@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.