Description
In the Linux kernel, the following vulnerability has been resolved:

remoteproc: imx_rproc: Fix invalid loaded resource table detection

imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded
resource table even when the current firmware does not provide one.

When the device tree contains a "rsc-table" entry, priv->rsc_table is
non-NULL and denotes where a resource table would be located if one is
present in memory. However, when the current firmware has no resource
table, rproc->table_ptr is NULL. The function still returns
priv->rsc_table, and the remoteproc core interprets this as a valid loaded
resource table.

Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when
there is no resource table for the current firmware (i.e. when
rproc->table_ptr is NULL). This aligns the function's semantics with the
remoteproc core: a loaded resource table is only reported when a valid
table_ptr exists.

With this change, starting firmware without a resource table no longer
triggers a crash.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The imx_rproc driver contains a check that identifies a resource table present in firmware, but the function can mistakenly return a non‑NULL pointer when no table exists. The remoteproc core treats a non‑NULL value as evidence that a table is loaded and later dereferences it. Because the actual pointer is NULL, a crash occurs when the device starts executing firmware lacking a resource table. This crash stops the affected device or system from functioning until it is rebooted or the firmware is replaced, resulting in a denial of service.

Affected Systems

All Linux kernel builds that ship the imx_rproc driver in the remoteproc subsystem are affected. No particular release series is listed, so any kernel that has not incorporated commit 198c629bd03863591f3fbf5ce8ff974a33f13dc9 (or a functionally equivalent fix) remains vulnerable. The affected vendor is Linux. The vulnerability manifests when a device tree contains a "rsc-table" entry while the firmware image loaded through remoteproc does not provide a resource table.

Risk and Exploitability

The CVSS score is not provided; the EPSS score is unavailable, and the vulnerability does not appear in the CISA KEV catalog. Exploitation requires an attacker who can deliver or modify the firmware image used by the remoteproc driver, or who can alter the device tree so that it declares a resource table when none exists. The likely attack vector is inferred from the description, suggesting that either firmware replacement or device tree manipulation by a privileged or local adversary is necessary. Because the flaw causes an unconditional driver crash, the impact is a denial of service that afflicts the entire device. The risk is high, although the likelihood of exploitation is limited to environments where firmware or device tree manipulation is possible.

Generated by OpenCVE AI on May 6, 2026 at 16:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the commit that changes imx_rproc_elf_find_loaded_rsc_table to return NULL when no resource table is present, such as any recent stable release containing commit 198c629bd03863591f3fbf5ce8ff974a33f13dc9.
  • If operating on a custom or legacy kernel, backport the relevant commit changes that implement the NULL return behavior so the driver no longer reports a loaded resource table incorrectly.
  • Audit device tree definitions and firmware images to ensure that an rsc-table entry is only declared when the firmware actually contains a resource table; alternatively, disable the remoteproc driver on systems that do not require it.

Generated by OpenCVE AI on May 6, 2026 at 16:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix invalid loaded resource table detection imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree contains a "rsc-table" entry, priv->rsc_table is non-NULL and denotes where a resource table would be located if one is present in memory. However, when the current firmware has no resource table, rproc->table_ptr is NULL. The function still returns priv->rsc_table, and the remoteproc core interprets this as a valid loaded resource table. Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when there is no resource table for the current firmware (i.e. when rproc->table_ptr is NULL). This aligns the function's semantics with the remoteproc core: a loaded resource table is only reported when a valid table_ptr exists. With this change, starting firmware without a resource table no longer triggers a crash.
Title remoteproc: imx_rproc: Fix invalid loaded resource table detection
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:28.911Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43145

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:31.983

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43145

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T16:30:06Z

Weaknesses