CVE-2026-46222
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Linux Kernel Rockchip CIF Driver

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46222
EUVD
EUVD-2026-32849
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's media component for Rockchip devices, specifically in the rkcif driver. The issue is due to missing checks for connected devices on certain pads, which are components involved in media streaming. Because of this missing check, when a stream is enabled, the kernel may attempt to dereference a null pointer, leading to a crash or instability.

Impact Analysis

The vulnerability can cause the Linux kernel to crash or become unstable due to a null pointer dereference when enabling media streams on affected Rockchip devices. This can lead to denial of service conditions where media streaming functionality is disrupted or the entire system may become unresponsive.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46222. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart