FKIE_CVE-2026-46222

Vulnerability from fkie_nvd - Published: 2026-05-28 10:16 - Updated: 2026-05-28 13:44
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rkcif: Add missing MUST_CONNECT flag to pads\n\nThe pads missed checks for connected devices which may a null dereference\nwhen the stream is enabled.\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000020\npc : rkcif_interface_enable_streams+0x48/0xf0\nlr : rkcif_interface_enable_streams+0x44/0xf0\nCall trace:\n rkcif_interface_enable_streams+0x48/0xf0\n v4l2_subdev_enable_streams+0x26c/0x3f0\n rkcif_stream_start_streaming+0x140/0x278\n vb2_start_streaming+0x74/0x188\n vb2_core_streamon+0xe0/0x1d8\n vb2_ioctl_streamon+0x60/0xa8\n v4l_streamon+0x2c/0x40\n __video_do_ioctl+0x34c/0x400\n video_usercopy+0x2d0/0x800\n video_ioctl2+0x20/0x60\n v4l2_ioctl+0x48/0x78"
    }
  ],
  "id": "CVE-2026-46222",
  "lastModified": "2026-05-28T13:44:01.663",
  "metrics": {},
  "published": "2026-05-28T10:16:37.823",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.