CVE-2026-43177 - Vulnerability Details

- media: ipu6: Fix RPM reference leak in probe error paths

Description

In the Linux kernel, the following vulnerability has been resolved:

media: ipu6: Fix RPM reference leak in probe error paths

Several error paths in ipu6_pci_probe() were jumping directly to
out_ipu6_bus_del_devices without releasing the runtime PM reference.
Add pm_runtime_put_sync() before cleaning up other resources.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s IPU6 media driver contains a bug in ipu6_pci_probe() where error paths skip a pm_runtime_put_sync() call, leaving a runtime power‑management reference undisposed. This results in a non‑decremented reference count that can grow each time the probe fails, potentially exhausting kernel resources. The vulnerability does not grant code execution or privilege escalation, but it weakens system availability by increasing kernel memory pressure and risk of instability.

Affected Systems

Systems running Linux kernels that include the IPU6 media driver are affected. The advisory does not enumerate specific kernel versions; the patch applies to upstream releases that contain the modified ipu6_pci_probe() routine. Thus any kernel build that includes the legacy implementation without the added runtime‑PM release is vulnerable.

Risk and Exploitability

Based on the description, the likely attack vector is a local or privileged user that can induce probe failures on the IPU6 device, causing repeated unreleased references to accumulate. This can lead to resource exhaustion and could destabilize the system. The severity is moderate, as the flaw requires access to the PCI subsystem and does not allow arbitrary code execution. The CVSS score is 5.5, indicating moderate severity. The EPSS score of less than 1% indicates an extremely low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`25fedc021985a66a357a599ab771d6b495b6f78c`	affected	< fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac
`25fedc021985a66a357a599ab771d6b495b6f78c`	affected	< 364759ccc3fb49754758c585c530407f96683030
`25fedc021985a66a357a599ab771d6b495b6f78c`	affected	< 3cd9e7539a3010a83391fecade1186cf30e616c9
`25fedc021985a66a357a599ab771d6b495b6f78c`	affected	< 6099f78e4c9223f4de4169d2fd1cded01279da1a

Linux

affected

Version	Status	Constraints
`6.10`	affected	—
`0`	unaffected	< 6.10
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[25fedc021985a66a357a599ab771d6b495b6f78c,fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac)`	affected	code_commit	—
`[25fedc021985a66a357a599ab771d6b495b6f78c,364759ccc3fb49754758c585c530407f96683030)`	affected	code_commit	—
`[25fedc021985a66a357a599ab771d6b495b6f78c,3cd9e7539a3010a83391fecade1186cf30e616c9)`	affected	code_commit	—
`[25fedc021985a66a357a599ab771d6b495b6f78c,6099f78e4c9223f4de4169d2fd1cded01279da1a)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.10`	affected	generic	—
`[0,6.10)`	unaffected	semver	—
`[6.12.75,6.12.*]`	unaffected	generic	—
`[6.18.16,6.18.*]`	unaffected	generic	—
`[6.19.6,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a release that includes the patch adding pm_runtime_put_sync() to all ipu6_pci_probe() error paths.
If an immediate kernel upgrade is not possible, block or disable the IPU6 driver from probing by blacklisting the corresponding PCI devices to avoid exercising the error path.
Maintain the kernel and all media driver components at the latest stable upstream release to benefit from security and stability improvements.

Generated by OpenCVE AI on May 13, 2026 at 00:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/364759ccc3fb49754758c585c530407f96683030
https://git.kernel.org/stable/c/3cd9e7539a3010a83391fecade1186cf30e616c9
https://git.kernel.org/stable/c/6099f78e4c9223f4de4169d2fd1cded01279da1a
https://git.kernel.org/stable/c/fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac
https://lore.kernel.org/linux-cve-announce/2026050637-CVE-2026-43177-ff1a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43177
https://www.cve.org/CVERecord?id=CVE-2026-43177

History

Tue, 12 May 2026 23:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-391

Tue, 12 May 2026 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050637-CVE-2026-43177-ff1a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43177 https://www.cve.org/CVERecord?id=CVE-2026-43177
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 06 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-391

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6_pci_probe() were jumping directly to out_ipu6_bus_del_devices without releasing the runtime PM reference. Add pm_runtime_put_sync() before cleaning up other resources.
Title		media: ipu6: Fix RPM reference leak in probe error paths
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/364759ccc3fb49754758c585c530407f96683030 https://git.kernel.org/stable/c/3cd9e7539a3010a83391fecade1186cf30e616c9 https://git.kernel.org/stable/c/6099f78e4c9223f4de4169d2fd1cded01279da1a https://git.kernel.org/stable/c/fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:50.843Z

Updated: 2026-05-11T22:19:16.753Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43177

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:36.190

Modified: 2026-05-12T19:54:16.280

Link: CVE-2026-43177

Redhat

Severity : Low

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43177 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T00:30:28Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object