Description
In the Linux kernel, the following vulnerability has been resolved:

media: rockchip: rkcif: fix off by one bugs

Change these comparisons from > vs >= to avoid accessing one element
beyond the end of the arrays.
While at it, use ARRAY_SIZE instead of the _MAX enum values.

[fix cosmetic issues]
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s rkcif media driver contains an off‑by‑one comparison that can cause the driver to read or write one element past the end of a statically allocated array. Changing the comparisons from ‘>’ to ‘>=’ and using ARRAY_SIZE for the bound prevent this error. The vulnerability is an example of a CWE‑193 error. Based on the CVE description, it is inferred that attacker‑controlled media data could trigger the off‑by‑one bug.
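The comparison pattern described above, as an added example that is not code from the rkcif driver or the referenced commit. The enum, table and function names are hypothetical and the table contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical enum and table; not the rkcif driver's definitions. */
enum demo_id { DEMO_ID_A, DEMO_ID_B, DEMO_ID_C, DEMO_ID_MAX };

static const char *const demo_table[] = {
	[DEMO_ID_A] = "a",
	[DEMO_ID_B] = "b",
	[DEMO_ID_C] = "c",
};

/* Pre-fix pattern: '>' rejects id > MAX but lets id == MAX through. */
static int check_old(unsigned int id)
{
	return !(id > (unsigned int)DEMO_ID_MAX);
}

/* Fixed pattern: '>=' against the real element count of the array. */
static int check_fixed(unsigned int id)
{
	return !(id >= ARRAY_SIZE(demo_table));
}

/* Count ids below 'limit' that a check accepts although they lie past
 * the last element. No out-of-bounds access is performed here. */
static unsigned int count_oob_accepted(int (*check)(unsigned int),
				       unsigned int limit)
{
	unsigned int id, n = 0;

	for (id = 0; id < limit; id++)
		if (check(id) && id >= ARRAY_SIZE(demo_table))
			n++;
	return n;
}

/* Lookup guarded by the fixed check; NULL for any invalid id. */
static const char *demo_lookup(unsigned int id)
{
	return check_fixed(id) ? demo_table[id] : NULL;
}

int main(void)
{
	printf("old: %u, fixed: %u out-of-range ids accepted\n",
	       count_oob_accepted(check_old, 16),
	       count_oob_accepted(check_fixed, 16));
	return 0;
}
```

Bounding on ARRAY_SIZE ties the check to the array as declared, so it stays correct if the enum and the table ever drift apart.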

Affected Systems

The flaw exists in any Linux kernel that contains the rkcif media driver without the posted patch. All builds of the kernel that have not incorporated the referenced commit remain vulnerable. Devices running unpatched kernels that use this driver are affected.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity for this off‑by‑one array access. The EPSS score of < 1% indicates a low predicted probability of exploitation. The flaw is not listed in the CISA KEV catalog and no public exploits are known. Because the bug occurs while processing media streams, it would require attacker‑controlled media data to trigger the vulnerability. It is unclear whether this could lead to remote code execution or privilege escalation.

Generated by OpenCVE AI on June 14, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version containing the rkcif off‑by‑one fix.
  • If a kernel upgrade is not possible, apply the patch from the referenced Git commit to the kernel source before rebuilding it.
  • If the device does not require the rkcif driver, unload or disable the driver to prevent execution of the vulnerable code.



Advisories

Source | ID | Title
Ubuntu USN | USN-8488-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8489-1 | Linux kernel (OEM) vulnerabilities
Ubuntu USN | USN-8488-2 | Linux kernel (Raspberry Pi) vulnerabilities

History

Sun, 14 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 10 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-788

Wed, 10 Jun 2026 00:15:00 +0000


Tue, 09 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-788

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix cosmetic issues]
Title media: rockchip: rkcif: fix off by one bugs
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:09:46.770Z

Reserved: 2026-06-09T07:44:35.366Z

Link: CVE-2026-52907

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T14:16:45.147

Modified: 2026-06-14T06:16:25.827

Link: CVE-2026-52907

Redhat

Severity :

Public Date: 2026-06-09T00:00:00Z

Links: CVE-2026-52907 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-14T06:30:07Z

Weaknesses