CVE-2026-43217

Severity: MEDIUM · EPSS 2.6%
Published May 6, 2026 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

media: iris: gen2: Add sanity check for session stop

In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash.

Add a NULL check for inst_hfi_gen2->packet before sending STOP packet to firmware to fix that.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 2

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.15 – <6.18.16
linux    linux_kernel   *         ≥6.19 – <6.19.6

References 3

  • git.kernel.org https://git.kernel.org/stable/c/72846441c5f6396de9face04e77fa3d28e9915b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/75992ba43072674fd4767df62a1fe2048565cc60
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aa8d63d09cfc44d879427cc5ba308012ca4ab8e
    Patch
