CVE-2026-43217

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

06/05/2026

Last modified:

06/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen2: Add sanity check for session stop In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash. Add a NULL check for inst_hfi_gen2->packet before sendling STOP packet to firmware to fix that.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/72846441c5f6396de9face04e77fa3d28e9915b6
https://git.kernel.org/stable/c/75992ba43072674fd4767df62a1fe2048565cc60
https://git.kernel.org/stable/c/9aa8d63d09cfc44d879427cc5ba308012ca4ab8e