CVE-2026-43290

Published: May 8, 2026

Modified: May 11, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on start_streaming() failure Return buffers if streaming fails to start due to uvc_pm_get() error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on an xHCI controller which failed under this workload. I had no luck reproducing this warning again to confirm. xhci_hcd 0000:09:00.0: HC died; cleaning up usb 13-2: USB disconnect, device number 2 WARNING: CPU: 2 PID: 29386 at drivers/media/common/videobuf2/videobuf2-core.c:1803 vb2_start_streaming+0xac/0x120

Vendor	Product	Versions
Linux	Linux	affected `7dd56c47784a466b03df62ca766207f483353cdc - < 69c32df23bed6001864779b965fa009bcd9a26de` affected `7dd56c47784a466b03df62ca766207f483353cdc - < a5c01f15809d1d2c319d8bfb11d071df11ab731c` affected `7dd56c47784a466b03df62ca766207f483353cdc - < 4cf3b6fd54ebb1ebc977bdc47fb6cfcf9a471a22`
Linux	Linux	affected `6.17` unaffected `0 - < 6.17` unaffected `6.18.16 - <= 6.18.` unaffected `6.19.6 - <= 6.19.` unaffected `7.0 - <= *`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://git.kernel.org/stable/c/69c32df23bed6001864779b965fa009bcd9a26de

https://git.kernel.org/stable/c/a5c01f15809d1d2c319d8bfb11d071df11ab731c

https://git.kernel.org/stable/c/4cf3b6fd54ebb1ebc977bdc47fb6cfcf9a471a22

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43290

Description

Affected Products

CVSS v3.1 Details

References