CVE-2026-43297
Received Received - Intake

NULL Pointer Dereference in Linux Kernel Rockchip RGA Driver

Vulnerability report for CVE-2026-43297, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() rga_get_frame() can return ERR_PTR(-EINVAL) when buffer type is unsupported or invalid. rga_buf_init() does not check the return value and unconditionally dereferences the pointer when accessing f->size. Add proper ERR_PTR checking and return the error to prevent dereferencing an invalid pointer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-07-09
AI Q&A
2026-05-09
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rockchip rga *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the Linux kernel's media component for Rockchip's RGA (Raster Graphic Accelerator). Specifically, the function rga_get_frame() can return an error pointer ERR_PTR(-EINVAL) when the buffer type is unsupported or invalid. However, the function rga_buf_init() does not check this error return value and proceeds to dereference the pointer unconditionally when accessing the size field. This can lead to dereferencing an invalid pointer.

The fix involves adding proper error pointer checking in rga_buf_init() and returning the error instead of dereferencing the invalid pointer.

Impact Analysis

Dereferencing an invalid pointer can cause the Linux kernel to crash or behave unpredictably, potentially leading to system instability or denial of service. This could affect any system using the Rockchip RGA media component if it processes unsupported or invalid buffer types.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix for the ERR_PTR dereference in rga_buf_init() has been applied.

The fix involves proper checking of the ERR_PTR return value from rga_get_frame() to prevent dereferencing invalid pointers.

Therefore, applying the latest kernel patches or updates from your Linux distribution that address this issue is the immediate recommended step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43297. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart