CVE-2026-46313
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Intel IPU6 driver for the Linux kernel, an error pointer dereference was detected in the ipu6_pci_probe() function. In an error path, isp->psys is confirmed to be an error pointer (ERR_PTR) not NULL, leading to dereferencing of an invalid pointer. The issue was reported by Smatch.
Risk Assessment
This vulnerability may cause a kernel panic or unpredictable behavior when an error occurs during IPU6 driver initialization, affecting system stability.
Recommendation
Apply the Linux kernel patch that sets isp->psys to NULL before jumping to the out_ipu6_bus_del_devices label to prevent error pointer dereference.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before going to out_ipu6_bus_del_devices. Detected by Smatch: drivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error: 'isp->psys' dereferencing possible ERR_PTR() [Sakari Ailus: Fix commit message.]

