{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43189","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.992Z","datePublished":"2026-05-06T11:27:59.108Z","dateUpdated":"2026-05-11T22:19:34.106Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:19:34.106Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-async: Fix error handling on steps after finding a match\n\nOnce an async connection is found to be matching with an fwnode, a\nsub-device may be registered (in case it wasn't already), its bound\noperation is called, ancillary links are created, the async connection\nis added to the sub-device's list of connections and removed from the\nglobal waiting connection list. Further on, the sub-device's possible own\nnotifier is searched for possible additional matches.\n\nFix these specific issues:\n\n- If v4l2_async_match_notify() failed before the sub-notifier handling,\n  the async connection was unbound and its entry removed from the\n  sub-device's async connection list. The latter part was also done in\n  v4l2_async_match_notify().\n\n- The async connection's sd field was only set after creating ancillary\n  links in v4l2_async_match_notify(). It was however dereferenced in\n  v4l2_async_unbind_subdev_one(), which was called on error path of\n  v4l2_async_match_notify() failure."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/v4l2-core/v4l2-async.c"],"versions":[{"version":"28a1295795d85a25f2e7dd391c43969e95fcb341","lessThan":"30aaed311f973f13ba13a0cd2dc0202f595fff48","status":"affected","versionType":"git"},{"version":"28a1295795d85a25f2e7dd391c43969e95fcb341","lessThan":"461733d83e67ba7e3a5b750c0d203f738e01244f","status":"affected","versionType":"git"},{"version":"28a1295795d85a25f2e7dd391c43969e95fcb341","lessThan":"b02bcb378efa8af07827f49b3afcc5e825318c55","status":"affected","versionType":"git"},{"version":"28a1295795d85a25f2e7dd391c43969e95fcb341","lessThan":"2de0a3c8148fc3dbea21981e6569f550b3626119","status":"affected","versionType":"git"},{"version":"28a1295795d85a25f2e7dd391c43969e95fcb341","lessThan":"7345d6d356336c448d6b9230ed8704f39679fd12","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/v4l2-core/v4l2-async.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,
"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/30aaed311f973f13ba13a0cd2dc0202f595fff48"},{"url":"https://git.kernel.org/stable/c/461733d83e67ba7e3a5b750c0d203f738e01244f"},{"url":"https://git.kernel.org/stable/c/b02bcb378efa8af07827f49b3afcc5e825318c55"},{"url":"https://git.kernel.org/stable/c/2de0a3c8148fc3dbea21981e6569f550b3626119"},{"url":"https://git.kernel.org/stable/c/7345d6d356336c448d6b9230ed8704f39679fd12"}],"title":"media: v4l2-async: Fix error handling on steps after finding a match","x_generator":{"engine":"bippy-1.2.0"}}}}