Linux Kernel Chips Media Wave5 Null Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been addressed in the Linux kernel's media chips for the Wave5 decoder. This issue arose because the 'vpu_instance' structure, shared across the decoder's workflow, was not properly protected by locks. During the creation and destruction of multiple instances, unprotected access led to occasional null dereferences. The vulnerability has been mitigated by splitting the interrupt request (IRQ) handling into two phases and introducing appropriate locking mechanisms.

Impact

Exploitation of this vulnerability could lead to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Added: May 6, 2026, 12:45 PM

Updated: May 6, 2026, 12:45 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

7.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

7.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Chips Media Wave5 Null Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating