In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop bound and passes the index to vfe_isr_reg_update(). However, vfe->line[] array is defined with VFE_LINE_NUM_MAX(4): struct vfe_line line[VFE_LINE_NUM_MAX]; When index is 4, 5, 6, the access to vfe->line[line_id] exceeds the array bounds and resulting in out-of-bounds memory access. Fix this by using separate loops for output lines and write masters.

A flaw was found in the Linux kernel's media subsystem, specifically within the Qualcomm Camera Subsystem (CAMSS) Video Front End (VFE) driver. An out-of-bounds memory access can occur in the `vfe_isr_reg_update()` function when processing interrupt service routines. This vulnerability arises because a loop iterates beyond the allocated array bounds, potentially allowing a local attacker to cause a denial of service (DoS) or information disclosure.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43256 https://nvd.nist.gov/vuln/detail/CVE-2026-43256 https://lore.kernel.org/linux-cve-announce/2026050605-CVE-2026-43256-cc2e@gregkh/T