HOMEVULNERABILITIESCVE-2026-43247
MEDIUM

CVE-2026-43247

Published: May 6, 2026· Updated: May 11, 2026

5.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix SError of kernel panic when closed

SError of kernel panic rarely happened while testing fluster.

The root cause was to enter suspend mode because timeout of autosuspend

delay happened.

[ 48.834439] SError Interrupt on CPU0, code 0x00000000bf000000 -- SError

[ 48.834455] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7

[ 48.834461] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025

[ 48.834464] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)

[ 48.834468] pc : wave5_dec_clr_disp_flag+0x40/0x80 [wave5]

[ 48.834488] lr : wave5_dec_clr_disp_flag+0x40/0x80 [wave5]

[ 48.834495] sp : ffff8000856e3a30

[ 48.834497] x29: ffff8000856e3a30 x28: ffff0008093f6010 x27: ffff000809158130

[ 48.834504] x26: 0000000000000000 x25: ffff00080b625000 x24: ffff000804a9ba80

[ 48.834509] x23: ffff000802343028 x22: ffff000809158150 x21: ffff000802218000

[ 48.834513] x20: ffff0008093f6000 x19: ffff0008093f6000 x18: 0000000000000000

[ 48.834518] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff74009618

[ 48.834523] x14: 000000010000000c x13: 0000000000000000 x12: 0000000000000000

[ 48.834527] x11: ffffffffffffffff x10: ffffffffffffffff x9 : ffff000802343028

[ 48.834532] x8 : ffff00080b6252a0 x7 : 0000000000000038 x6 : 0000000000000000

[ 48.834536] x5 : ffff00080b625060 x4 : 0000000000000000 x3 : 0000000000000000

[ 48.834541] x2 : 0000000000000000 x1 : ffff800084bf0118 x0 : ffff800084bf0000

[ 48.834547] Kernel panic - not syncing: Asynchronous SError Interrupt

[ 48.834549] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7

[ 48.834554] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025

[ 48.834556] Call trace:

[ 48.834559] dump_backtrace+0x94/0xec

[ 48.834574] show_stack+0x18/0x24

[ 48.834579] dump_stack_lvl+0x38/0x90

[ 48.834585] dump_stack+0x18/0x24

[ 48.834588] panic+0x35c/0x3e0

[ 48.834592] nmi_panic+0x40/0x8c

[ 48.834595] arm64_serror_panic+0x64/0x70

[ 48.834598] do_serror+0x3c/0x78

[ 48.834601] el1h_64_error_handler+0x34/0x4c

[ 48.834605] el1h_64_error+0x64/0x68

[ 48.834608] wave5_dec_clr_disp_flag+0x40/0x80 [wave5]

[ 48.834615] wave5_vpu_dec_clr_disp_flag+0x54/0x80 [wave5]

[ 48.834622] wave5_vpu_dec_buf_queue+0x19c/0x1a0 [wave5]

[ 48.834628] __enqueue_in_driver+0x3c/0x74 [videobuf2_common]

[ 48.834639] vb2_core_qbuf+0x508/0x61c [videobuf2_common]

[ 48.834646] vb2_qbuf+0xa4/0x168 [videobuf2_v4l2]

[ 48.834656] v4l2_m2m_qbuf+0x80/0x238 [v4l2_mem2mem]

[ 48.834666] v4l2_m2m_ioctl_qbuf+0x18/0x24 [v4l2_mem2mem]

[ 48.834673] v4l_qbuf+0x48/0x5c [videodev]

[ 48.834704] __video_do_ioctl+0x180/0x3f0 [videodev]

[ 48.834725] video_usercopy+0x2ec/0x68c [videodev]

[ 48.834745] video_ioctl2+0x18/0x24 [videodev]

[ 48.834766] v4l2_ioctl+0x40/0x60 [videodev]

[ 48.834786] __arm64_sys_ioctl+0xa8/0xec

[ 48.834793] invoke_syscall+0x44/0x100

[ 48.834800] el0_svc_common.constprop.0+0xc0/0xe0

[ 48.834804] do_el0_svc+0x1c/0x28

[ 48.834809] el0_svc+0x30/0xd0

[ 48.834813] el0t_64_sync_handler+0xc0/0xc4

[ 48.834816] el0t_64_sync+0x190/0x194

[ 48.834820] SMP: stopping secondary CPUs

[ 48.834831] Kernel Offset: disabled

[ 48.834833] CPU features: 0x08,00002002,80200000,4200421b

[ 48.834837] Memory Limit: none

[ 49.161404] ---[ end Kernel panic - not syncing: Asynchronous SError Interrupt ]---

NVD Source

Technical Analysis

CVE-2026-43247 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 1 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-43247
CVSS Score5.5 / 10
SeverityMEDIUM
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedMay 6, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43247 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.