CVE-2026-46222

MEDIUM

media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0

https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57

Scores

CVSS v3 5.5

EPSS 0.0010

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (8)

Linux/Linux < 6.19

Linux/Linux 6.19

Linux/Linux 7.0.9 - 7.0.*

Linux/Linux 7.1

Linux/Linux 7.1-rc1

Linux/Linux 85411d17bee99b0a99e983f37188f9cdacfded54 - 318142640590342bfec7aa06d0bdcd0ddbf953d0

Linux/Linux 85411d17bee99b0a99e983f37188f9cdacfded54 - 8e3c751259dc2d1325838eff26f41032523c7b57

linux/linux_kernel 6.19 - 7.0.9

Published May 28, 2026

Tracked Since May 28, 2026