CVE-2026-43256

Source
https://cve.org/CVERecord?id=CVE-2026-43256
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43256.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43256
Downstream
Published
2026-05-06T11:28:45.209Z
Modified
2026-06-18T03:55:04.380436593Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
Details

In the Linux kernel, the following vulnerability has been resolved:

media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrreg_update()

vfeisr() iterates using MSMVFEIMAGEMASTERSNUM(7) as the loop bound and passes the index to vfeisrregupdate(). However, vfe->line[] array is defined with VFELINENUM_MAX(4):

struct vfe_line line[VFE_LINE_NUM_MAX];

When index is 4, 5, 6, the access to vfe->line[line_id] exceeds the array bounds and resulting in out-of-bounds memory access.

Fix this by using separate loops for output lines and write masters.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43256.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4edc8eae715cecf5f8bf12a0c77c281f336c37db
Fixed
e6cbf765686fb6c1d8f2530b3daf6c66efc92f5d
Fixed
0c074e80921fd18984b75836730d76c768c84f65
Fixed
1b103307df6d461a0731be25aca69ad0335b0933
Fixed
fade67c88870f497a13ed450ba01f7236c92dd9b
Fixed
e7a38ecda2498e7ce998793ac2a46ca47317635d
Fixed
d965919af524e68cb2ab1a685872050ad2ee933d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43256.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43256.json"