Linux Kernel rkcif Media Driver Null Deref (CVE-2026-46222)
CVE-2026-46222 Published on May 28, 2026
media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads
In the Linux kernel, the following vulnerability has been resolved:
media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads
The pads missed checks for connected devices which may a null dereference
when the stream is enabled.
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000020
pc : rkcif_interface_enable_streams+0x48/0xf0
lr : rkcif_interface_enable_streams+0x44/0xf0
Call trace:
rkcif_interface_enable_streams+0x48/0xf0
v4l2_subdev_enable_streams+0x26c/0x3f0
rkcif_stream_start_streaming+0x140/0x278
vb2_start_streaming+0x74/0x188
vb2_core_streamon+0xe0/0x1d8
vb2_ioctl_streamon+0x60/0xa8
v4l_streamon+0x2c/0x40
__video_do_ioctl+0x34c/0x400
video_usercopy+0x2d0/0x800
video_ioctl2+0x20/0x60
v4l2_ioctl+0x48/0x78
Products Associated with CVE-2026-46222
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 85411d17bee99b0a99e983f37188f9cdacfded54 and below 318142640590342bfec7aa06d0bdcd0ddbf953d0 is affected.
- Version 85411d17bee99b0a99e983f37188f9cdacfded54 and below 8e3c751259dc2d1325838eff26f41032523c7b57 is affected.
- Version 6.19 is affected.
- Before 6.19 is unaffected.
- Version 7.0.9, <= 7.0.* is unaffected.
- Version 7.1-rc1, <= * is unaffected.