CVE-2026-46222 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads

The pads missed checks for connected devices which may a null dereference
when the stream is enabled.

Unable to handle kernel NULL pointer dereference at virtual address
0000000000000020
pc : rkcif_interface_enable_streams+0x48/0xf0
lr : rkcif_interface_enable_streams+0x44/0xf0
Call trace:
rkcif_interface_enable_streams+0x48/0xf0
v4l2_subdev_enable_streams+0x26c/0x3f0
rkcif_stream_start_streaming+0x140/0x278
vb2_start_streaming+0x74/0x188
vb2_core_streamon+0xe0/0x1d8
vb2_ioctl_streamon+0x60/0xa8
v4l_streamon+0x2c/0x40
__video_do_ioctl+0x34c/0x400
video_usercopy+0x2d0/0x800
video_ioctl2+0x20/0x60
v4l2_ioctl+0x48/0x78

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`85411d17bee99b0a99e983f37188f9cdacfded54`	affected	< 318142640590342bfec7aa06d0bdcd0ddbf953d0
`85411d17bee99b0a99e983f37188f9cdacfded54`	affected	< 8e3c751259dc2d1325838eff26f41032523c7b57

Linux

affected

Version	Status	Constraints
`6.19`	affected	—
`0`	unaffected	< 6.19
`7.0.9`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0
https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57

History

Thu, 28 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78
Title		media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0 https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:40:38.777Z

Updated: 2026-05-28T09:40:38.777Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46222

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:37.823

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T13:30:15Z

Weaknesses

CWE-476

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object