In the Linux kernel, the following vulnerability has been resolved:
media: verisilicon: AV1: Fix tile info buffer size
Each tile info is composed of: rowsb, colsb, startpos and endpos (4 bytes each). So the total required memory is AV1MAXTILES * 16 bytes. Use the correct #define to allocate the buffer and avoid writing tile info in non-allocated memory.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43222.json"
}