CVE Catalog

CVE-2026-52907

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the rockchip rkcif media driver has an off-by-one bug. Comparisons using > instead of >= may cause out-of-bounds array access. The fix also replaces _MAX enum values with ARRAY_SIZE.

Risk Assessment

The risk involves potential out-of-bounds memory read, which could lead to information disclosure or system instability.

Recommendation

Immediately update the Linux kernel to a version containing the fix for CVE-2026-52907.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix cosmetic issues]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS