CVE-2026-43222 Overview
CVE-2026-43222 is a Linux kernel vulnerability in the Verisilicon media driver. The flaw exists in the AV1 video decoding path, where the tile information buffer is allocated using an incorrect size constant. Each tile entry contains four 4-byte fields (row_sb, col_sb, start_pos, end_pos), requiring AV1_MAX_TILES * 16 bytes of memory. The original allocation was insufficient, allowing tile info writes to extend into non-allocated memory regions. Maintainers have resolved the issue across multiple stable kernel branches.
Critical Impact
An out-of-bounds write in kernel memory caused by an undersized buffer allocation in the AV1 tile info handling logic, which can corrupt adjacent kernel structures during video decoding.
Affected Products
- Linux kernel — Verisilicon hantro media driver (AV1 decoder)
- Stable kernel branches receiving backported fixes (34f36f9, 74abfadd, a505ca2d, a5b1ddbe, f122f2b3)
- Linux distributions packaging the affected media/verisilicon driver
Discovery Timeline
- 2026-05-06 - CVE-2026-43222 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43222
Vulnerability Analysis
The vulnerability resides in the Verisilicon hantro media driver, which handles hardware-accelerated AV1 video decoding on Linux. AV1 frames are partitioned into tiles, and the driver maintains a tile info buffer to feed decoder hardware with metadata for each tile.
Each tile info entry contains four 32-bit values: row_sb, col_sb, start_pos, and end_pos. The total buffer requirement is therefore AV1_MAX_TILES * 16 bytes. The driver allocated the buffer using an incorrect size definition that did not account for all four fields per tile, producing an undersized region.
When the decoder writes tile info for streams with high tile counts, the writes extend beyond the allocated bounds. This corrupts adjacent kernel heap memory and may destabilize unrelated kernel objects.
Root Cause
The root cause is an incorrect #define used during buffer allocation [CWE-787]. The chosen constant did not multiply AV1_MAX_TILES by the per-tile size of 16 bytes. The fix substitutes the correct size macro so that the allocation matches the structure actually written by the driver.
Attack Vector
Exploitation requires the ability to submit a crafted AV1 bitstream to the Verisilicon decoder through the V4L2 (Video4Linux2) interface. A local user with access to the media device, or a process decoding attacker-supplied AV1 content, can trigger the out-of-bounds write. The result is kernel heap corruption, leading to denial of service or, depending on adjacent allocations, potential privilege escalation.
No verified public exploit code is available. The fix is documented in the upstream patches referenced below.
Detection Methods for CVE-2026-43222
Indicators of Compromise
- Unexpected kernel oops or BUG: messages referencing hantro or verisilicon modules in dmesg.
- KASAN (Kernel Address Sanitizer) reports of out-of-bounds writes in AV1 tile info allocation paths.
- Sudden process crashes or system instability when decoding AV1 video on Verisilicon hardware.
Detection Strategies
- Inventory running kernels and identify hosts using the hantro driver via lsmod | grep hantro and compare against patched stable releases.
- Enable KASAN in test environments to surface heap out-of-bounds writes triggered by malformed AV1 streams.
- Audit V4L2 device permissions to identify which local users or services can submit AV1 decode requests.
Monitoring Recommendations
- Forward kernel ring buffer logs to a centralized logging system and alert on hantro, verisilicon, or KASAN strings.
- Monitor for repeated decoder process crashes that could indicate exploitation attempts using crafted AV1 content.
- Track package versions of linux-image-* across the fleet to confirm patch deployment status.
How to Mitigate CVE-2026-43222
Immediate Actions Required
- Update to a Linux kernel build that includes one of the upstream commits: 34f36f9c, 74abfadd, a505ca2d, a5b1ddbe, or f122f2b3.
- Restrict access to /dev/video* and related V4L2 nodes to trusted users and services only.
- On systems that do not require hardware AV1 decoding, unload the hantro driver or blacklist it.
Patch Information
The issue is fixed by replacing the incorrect allocation size with AV1_MAX_TILES * 16 bytes via the correct #define. Patches are available in the upstream stable tree: Kernel Patch 34f36f9, Kernel Patch 74abfadd, Kernel Patch a505ca2d, Kernel Patch a5b1ddbe, and Kernel Patch f122f2b3. Apply the distribution kernel update that incorporates these commits.
Workarounds
- Disable the hantro module on systems that do not require Verisilicon AV1 hardware decoding using modprobe -r hantro_vpu and add it to the module blacklist.
- Avoid decoding untrusted AV1 content on unpatched systems with Verisilicon hardware.
- Apply tighter udev rules to limit V4L2 device access to a dedicated media group.
# Configuration example
# Blacklist the verisilicon hantro driver until patched kernel is deployed
echo "blacklist hantro_vpu" | sudo tee /etc/modprobe.d/blacklist-hantro.conf
sudo modprobe -r hantro_vpu 2>/dev/null || true
# Verify running kernel version after update
uname -r
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
