{
  "public_date" : "2026-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC",
    "id" : "2468130",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468130"
  },
  "cwe" : "CWE-770",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmedia: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC\nFor the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and\ng2 VPU cannot decode simultaneously; otherwise, it will cause below bus\nerror and produce corrupted pictures, even potentially lead to system hang.\n[  110.527986] hantro-vpu 38310000.video-codec: frame decode timed out.\n[  110.583517] hantro-vpu 38310000.video-codec: bus error detected.\nTherefore, it is necessary to ensure that g1 and g2 operate alternately.\nThis allows for successful multi-instance decoding of H.264 and HEVC.\nTo achieve this, g1 and g2 share the same v4l2_m2m_dev, and then the\nv4l2_m2m_dev can handle the scheduling.", "A flaw was found in the Linux kernel's Verisilicon media driver. On the i.MX8MQ platform, simultaneous decoding of H.264 and HEVC video streams by the g1 and g2 Video Processing Units (VPUs) can lead to a bus error. This issue can result in corrupted video output and potentially cause a system hang, leading to a Denial of Service." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43310\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43310\nhttps://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43310-4485@gregkh/T" ],
  "name" : "CVE-2026-43310",
  "csaw" : false
}