CVE-2026-43217
Analyzed Analyzed - Analysis Complete
Kernel Memory Corruption in Linux Iris Gen2 Driver

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash. Add a NULL check for inst_hfi_gen2->packet before sendling STOP packet to firmware to fix that.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-05-27
AI Q&A
2026-05-06
EPSS Evaluated
2026-05-26
NVD
EUVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.15 (inc) to 6.18.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's media iris gen2 driver. When a session is stopped using iris_kill_session, the instance state is set to an error state and the session_close function frees a packet buffer. However, if stop_streaming is called afterward, it attempts to use the already freed packet, causing a crash. The fix involves adding a NULL check for the packet before sending a STOP packet to the firmware.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash when stop_streaming is called after a session has been killed and its resources freed. Such a crash can lead to system instability, denial of service, or unexpected reboots, potentially disrupting normal operations.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed by adding a NULL check in the Linux kernel media iris gen2 driver to prevent crashes caused by stop_streaming calls after session closure.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart