CVE-2026-43145

MEDIUM

remoteproc: imx_rproc: Fix invalid loaded resource table detection

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix invalid loaded resource table detection imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree contains a "rsc-table" entry, priv->rsc_table is non-NULL and denotes where a resource table would be located if one is present in memory. However, when the current firmware has no resource table, rproc->table_ptr is NULL. The function still returns priv->rsc_table, and the remoteproc core interprets this as a valid loaded resource table. Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when there is no resource table for the current firmware (i.e. when rproc->table_ptr is NULL). This aligns the function's semantics with the remoteproc core: a loaded resource table is only reported when a valid table_ptr exists. With this change, starting firmware without a resource table no longer triggers a crash.

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (28)
linux/Kernel < 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 6.12.0 - 6.18.16linux
linux/Kernel 6.13.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 6.12
Linux/Linux 1d750606fedcdff7886f35a558c51b05ce2680a6 - fcec79b6a3649ae7b1f659267602ca402c240d6e
Linux/Linux 3d131f138e092c414c69860f2c897c59d660da99
Linux/Linux 5.15.168 - 5.15.202
... and 18 more
Published May 06, 2026
Tracked Since May 06, 2026