Skip to main content

Linux Kernel CVE-2026-43297

| EUVDEUVD-2026-28567 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 Linux GHSA-74vx-jmcf-f65x
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 15:07 vuln.today
CVSS changed
May 15, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()

rga_get_frame() can return ERR_PTR(-EINVAL) when buffer type is unsupported or invalid. rga_buf_init() does not check the return value and unconditionally dereferences the pointer when accessing f->size.

Add proper ERR_PTR checking and return the error to prevent dereferencing an invalid pointer.

AnalysisAI

Local denial-of-service in Linux kernel's Rockchip RGA media driver allows authenticated users with low privileges to crash the system through NULL pointer dereference. The vulnerability affects kernel versions 6.8+ containing the Rockchip RGA driver, where rga_buf_init() fails to validate ERR_PTR returns from rga_get_frame() before dereferencing frame size. Vendor patches available across stable branches (6.12.75, 6.18.16, 6.19.6). EPSS score 0.02% (5th percentile) indicates minimal real-world exploitation likelihood, consistent with local-only attack vector requiring authenticated access.

Technical ContextAI

The Rockchip RGA (Raster Graphic Acceleration) driver provides hardware-accelerated 2D graphics operations in the Linux kernel media subsystem. The vulnerability stems from CWE-476 (NULL Pointer Dereference) in the buffer initialization path. The rga_get_frame() function returns ERR_PTR(-EINVAL) when encountering unsupported or invalid buffer types, encoding error codes as pointers using Linux kernel's ERR_PTR macro. The rga_buf_init() function unconditionally dereferences this return value to access the frame structure's size member (f->size) without first validating it using IS_ERR() checks. When an invalid buffer type is passed, this dereferences an error-encoded pointer value rather than valid memory, triggering a kernel NULL pointer dereference and system panic. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* covers mainline and stable kernel branches containing the vulnerable code path introduced in commit 6040702ade23.

RemediationAI

Upgrade to patched Linux kernel versions: 6.12.75+ in the 6.12.x series, 6.18.16+ in 6.18.x series, 6.19.6+ in 6.19.x series, or mainline 7.0+. Patches available via upstream stable tree at https://git.kernel.org/stable/c/81f8e0e6a2e115df9274d0289779f8fca694479c (mainline) and corresponding stable branch commits. For systems unable to immediately upgrade, disable the Rockchip RGA driver module with 'rmmod rockchip_rga' or blacklist via '/etc/modprobe.d/blacklist-rga.conf' containing 'blacklist rockchip_rga'. Note this mitigation disables hardware-accelerated 2D graphics operations, forcing software rendering fallback which may impact video playback and compositor performance on affected Rockchip-based devices. Alternatively, restrict access to /dev/video* device nodes to trusted users only via udev rules, though this may break legitimate multimedia applications. Verify patch application by checking kernel version with 'uname -r' and confirming absence of vulnerable code path in drivers/media/platform/rockchip/rga/rga-buf.c.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy