HIGH | CVE-2026-43222 | CNA: Linux
CVE-2026-43222: media: verisilicon: AV1: Fix tile info buffer size
In the Linux kernel, the following vulnerability has been resolved:

media: verisilicon: AV1: Fix tile info buffer size

Each tile info is composed of: row_sb, col_sb, start_pos and end_pos (4 bytes each). So the total required memory is AV1_MAX_TILES * 16 bytes. Use the correct #define to allocate the buffer and avoid writing tile info in non-allocated memory.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux:
  - < a5b1ddbe31f49b4da78642157589970e9b60a231 (from 727a400686a2c0d25015c9e44916a59b72882f83)
  - < 34f36f9c6114af781a5a4f7a7c99334c85b73fc7 (from 727a400686a2c0d25015c9e44916a59b72882f83)
  - < f122f2b3ce9dbde60bf7ab0b180fe4a01f9d9bc4 (from 727a400686a2c0d25015c9e44916a59b72882f83)
  - < 74abfadd7ef5ac9f3a6111d550cc651d1457c641 (from 727a400686a2c0d25015c9e44916a59b72882f83)
  - < a505ca2db89ad92a8d8d27fa68ebafb12e04a679 (from 727a400686a2c0d25015c9e44916a59b72882f83)
- Linux / Linux 6.5: Fixed in 0, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H