CVE-2026-43256

HIGH

media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop bound and passes the index to vfe_isr_reg_update(). However, vfe->line[] array is defined with VFE_LINE_NUM_MAX(4): struct vfe_line line[VFE_LINE_NUM_MAX]; When index is 4, 5, 6, the access to vfe->line[line_id] exceeds the array bounds and resulting in out-of-bounds memory access. Fix this by using separate loops for output lines and write masters.

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (20)
linux/Kernel 5.18.0 - 6.1.167linux
linux/Kernel 6.13.0 - 6.18.16linux
linux/Kernel 6.19.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 5.18
Linux/Linux 4edc8eae715cecf5f8bf12a0c77c281f336c37db - 0c074e80921fd18984b75836730d76c768c84f65
Linux/Linux 4edc8eae715cecf5f8bf12a0c77c281f336c37db - 1b103307df6d461a0731be25aca69ad0335b0933
Linux/Linux 4edc8eae715cecf5f8bf12a0c77c281f336c37db - d965919af524e68cb2ab1a685872050ad2ee933d
Linux/Linux 4edc8eae715cecf5f8bf12a0c77c281f336c37db - e6cbf765686fb6c1d8f2530b3daf6c66efc92f5d
... and 10 more
Published May 06, 2026
Tracked Since May 06, 2026