CVE Catalog

CVE-2026-46313

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Intel IPU6 driver for the Linux kernel, an error pointer dereference was detected in the ipu6_pci_probe() function. In an error path, isp->psys is confirmed to be an error pointer (ERR_PTR) not NULL, leading to dereferencing of an invalid pointer. The issue was reported by Smatch.

Risk Assessment

This vulnerability may cause a kernel panic or unpredictable behavior when an error occurs during IPU6 driver initialization, affecting system stability.

Recommendation

Apply the Linux kernel patch that sets isp->psys to NULL before jumping to the out_ipu6_bus_del_devices label to prevent error pointer dereference.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before going to out_ipu6_bus_del_devices. Detected by Smatch: drivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error: 'isp->psys' dereferencing possible ERR_PTR() [Sakari Ailus: Fix commit message.]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS