CVE-2026-43297
NULL Pointer Dereference in Linux Kernel Rockchip RGA Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockchip | rga | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's media component for Rockchip's RGA (Raster Graphic Accelerator). Specifically, the function rga_get_frame() can return an error pointer ERR_PTR(-EINVAL) when the buffer type is unsupported or invalid. However, the function rga_buf_init() does not check this error return value and proceeds to dereference the pointer unconditionally when accessing the size field. This can lead to dereferencing an invalid pointer.
The fix involves adding proper error pointer checking in rga_buf_init() and returning the error instead of dereferencing the invalid pointer.
How can this vulnerability impact me? :
Dereferencing an invalid pointer can cause the Linux kernel to crash or behave unpredictably, potentially leading to system instability or denial of service. This could affect any system using the Rockchip RGA media component if it processes unsupported or invalid buffer types.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix for the ERR_PTR dereference in rga_buf_init() has been applied.
The fix involves proper checking of the ERR_PTR return value from rga_get_frame() to prevent dereferencing invalid pointers.
Therefore, applying the latest kernel patches or updates from your Linux distribution that address this issue is the immediate recommended step.