CVE-2026-43301

MEDIUM EPSS 2.2%
Published May 8, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state. The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pm_runtime_put_sync() decrements it to -1. This causes the following warning on module unload: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthread_destroy_worker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-191

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.8  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6

References 3

  • git.kernel.org https://git.kernel.org/stable/c/0bffda02317989f8d5cdc2d4462a4110b1290cf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3a278a55ead50db2444c8f01410c7f5a68723990
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0bffda02317989f8d5cdc2d4462a4110b1290cf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3a278a55ead50db2444c8f01410c7f5a68723990
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38
    Patch