CVE-2026-43297
Received Received - Intake
NULL Pointer Dereference in Linux Kernel Rockchip RGA Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() rga_get_frame() can return ERR_PTR(-EINVAL) when buffer type is unsupported or invalid. rga_buf_init() does not check the return value and unconditionally dereferences the pointer when accessing f->size. Add proper ERR_PTR checking and return the error to prevent dereferencing an invalid pointer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43297
EUVD
EUVD-2026-28567
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rockchip rga *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix for the ERR_PTR dereference in rga_buf_init() has been applied.

The fix involves proper checking of the ERR_PTR return value from rga_get_frame() to prevent dereferencing invalid pointers.

Therefore, applying the latest kernel patches or updates from your Linux distribution that address this issue is the immediate recommended step.

Executive Summary

This vulnerability exists in the Linux kernel's media component for Rockchip's RGA (Raster Graphic Accelerator). Specifically, the function rga_get_frame() can return an error pointer ERR_PTR(-EINVAL) when the buffer type is unsupported or invalid. However, the function rga_buf_init() does not check this error return value and proceeds to dereference the pointer unconditionally when accessing the size field. This can lead to dereferencing an invalid pointer.

The fix involves adding proper error pointer checking in rga_buf_init() and returning the error instead of dereferencing the invalid pointer.

Impact Analysis

Dereferencing an invalid pointer can cause the Linux kernel to crash or behave unpredictably, potentially leading to system instability or denial of service. This could affect any system using the Rockchip RGA media component if it processes unsupported or invalid buffer types.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43297. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart