Linux Kernel vfe Isr Out-of-Bounds Access in vfe_isr_reg_update()
CVE-2026-43256 Published on May 6, 2026
media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
In the Linux kernel, the following vulnerability has been resolved:
media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop
bound and passes the index to vfe_isr_reg_update(). However,
vfe->line[] array is defined with VFE_LINE_NUM_MAX(4):
struct vfe_line line[VFE_LINE_NUM_MAX];
When index is 4, 5, 6, the access to vfe->line[line_id] exceeds
the array bounds and resulting in out-of-bounds memory access.
Fix this by using separate loops for output lines and write masters.
Products Associated with CVE-2026-43256
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below e6cbf765686fb6c1d8f2530b3daf6c66efc92f5d is affected.
- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below 0c074e80921fd18984b75836730d76c768c84f65 is affected.
- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below 1b103307df6d461a0731be25aca69ad0335b0933 is affected.
- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below fade67c88870f497a13ed450ba01f7236c92dd9b is affected.
- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below e7a38ecda2498e7ce998793ac2a46ca47317635d is affected.
- Version 4edc8eae715cecf5f8bf12a0c77c281f336c37db and below d965919af524e68cb2ab1a685872050ad2ee933d is affected.
- Version 5.18 is affected.
- Before 5.18 is unaffected.
- Version 6.1.167, <= 6.1.* is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.