CVE-2026-43217

MEDIUM

media: iris: gen2: Add sanity check for session stop

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash. Add a NULL check for inst_hfi_gen2->packet before sendling STOP packet to firmware to fix that.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/72846441c5f6396de9face04e77fa3d28e9915b6

https://git.kernel.org/stable/c/75992ba43072674fd4767df62a1fe2048565cc60

https://git.kernel.org/stable/c/9aa8d63d09cfc44d879427cc5ba308012ca4ab8e

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (9)

Linux/Linux < 6.15

Linux/Linux 11712ce70f8e52fc94365b48ee15aec806b02422 - 72846441c5f6396de9face04e77fa3d28e9915b6

Linux/Linux 11712ce70f8e52fc94365b48ee15aec806b02422 - 75992ba43072674fd4767df62a1fe2048565cc60

Linux/Linux 11712ce70f8e52fc94365b48ee15aec806b02422 - 9aa8d63d09cfc44d879427cc5ba308012ca4ab8e

Linux/Linux 6.15

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.15 - 6.18.16

Published May 06, 2026

Tracked Since May 06, 2026