Home

Description

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: row_sb, col_sb, start_pos and end_pos (4 bytes each). So the total required memory is AV1_MAX_TILES * 16 bytes. Use the correct #define to allocate the buffer and avoid writing tile info in non-allocated memory.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-08 | Assigner Linux




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

727a400686a2c0d25015c9e44916a59b72882f83 (git) before a5b1ddbe31f49b4da78642157589970e9b60a231
affected

727a400686a2c0d25015c9e44916a59b72882f83 (git) before 34f36f9c6114af781a5a4f7a7c99334c85b73fc7
affected

727a400686a2c0d25015c9e44916a59b72882f83 (git) before f122f2b3ce9dbde60bf7ab0b180fe4a01f9d9bc4
affected

727a400686a2c0d25015c9e44916a59b72882f83 (git) before 74abfadd7ef5ac9f3a6111d550cc651d1457c641
affected

727a400686a2c0d25015c9e44916a59b72882f83 (git) before a505ca2db89ad92a8d8d27fa68ebafb12e04a679
affected

Default status
affected

6.5
affected

Any version before 6.5
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.16 (semver)
unaffected

6.19.6 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a5b1ddbe31f49b4da78642157589970e9b60a231

git.kernel.org/...c/34f36f9c6114af781a5a4f7a7c99334c85b73fc7

git.kernel.org/...c/f122f2b3ce9dbde60bf7ab0b180fe4a01f9d9bc4

git.kernel.org/...c/74abfadd7ef5ac9f3a6111d550cc651d1457c641

git.kernel.org/...c/a505ca2db89ad92a8d8d27fa68ebafb12e04a679

cve.org (CVE-2026-43222)

nvd.nist.gov (CVE-2026-43222)

Download JSON