CVE-2026-43217
Kernel Memory Corruption in Linux Iris Gen2 Driver
Publication date: 2026-05-06
Last updated on: 2026-05-11
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.19 (inc) to 6.19.6 (exc) |
| linux | linux_kernel | From 6.15 (inc) to 6.18.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been fixed by adding a NULL check in the Linux kernel media iris gen2 driver to prevent crashes caused by stop_streaming calls after session closure.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's media iris gen2 driver. When a session is stopped using iris_kill_session, the instance state is set to an error state and the session_close function frees a packet buffer. However, if stop_streaming is called afterward, it attempts to use the already freed packet, causing a crash. The fix involves adding a NULL check for the packet before sending a STOP packet to the firmware.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash when stop_streaming is called after a session has been killed and its resources freed. Such a crash can lead to system instability, denial of service, or unexpected reboots, potentially disrupting normal operations.