Description
In the Linux kernel, the following vulnerability has been resolved:

media: intel/ipu6: fix error pointer dereference

In a error path isp->psys is confirmed to be an error pointer not NULL so
this condition is true and the error pointer is dereferenced. So isp-psys
should be set to NULL before going to out_ipu6_bus_del_devices.

Detected by Smatch:
drivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error:
'isp->psys' dereferencing possible ERR_PTR()

[Sakari Ailus: Fix commit message.]
Published: 2026-06-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Intel IPU6 media driver, an error pointer is incorrectly dereferenced during the probe routine. This null‑pointer dereference can lead to a kernel fault and cause the system to crash or halt, resulting in a denial‑of‑service condition. The flaw is a classic pointer misuse vulnerability as identified by the commit message and Smatch warning.

Affected Systems

All Linux kernel releases that contain the intel/ipu6 media driver but have not yet incorporated the patch fixing the dereference. Because no specific kernel version range is provided, any build with the driver before the commit is likely affected.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and EPSS is unavailable, so exploitation likelihood remains uncertain. The vulnerability is not listed in the CISA KEV catalog, indicating no publicly cited exploits. The attack vector is likely limited to a local or privileged context, inferred from the fact that the driver operates during device initialization. No additional information about remote exploitation is present in the CVE data.

Generated by OpenCVE AI on June 9, 2026 at 01:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes commit 8dd088b8b106f7b119664f965b691785998edcfb, which resolves the pointer dereference.
  • If a kernel upgrade is not immediately possible, disable the Intel IPU6 driver by removing or blacklisting the module so the code path is not executed.
  • Continuously monitor system logs such as dmesg for OOPS or segmentation fault messages related to ipu6 and plan a hardware or firmware upgrade if the device is unused.

Generated by OpenCVE AI on June 9, 2026 at 01:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Mon, 08 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before going to out_ipu6_bus_del_devices. Detected by Smatch: drivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error: 'isp->psys' dereferencing possible ERR_PTR() [Sakari Ailus: Fix commit message.]
Title media: intel/ipu6: fix error pointer dereference
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:50:44.065Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:50.317

Modified: 2026-06-08T17:16:50.317

Link: CVE-2026-46313

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46313 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T01:45:22Z

Weaknesses