{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43177", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.991Z", "datePublished": "2026-05-06T11:27:50.843Z", "dateUpdated": "2026-05-06T11:27:50.843Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:27:50.843Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu6: Fix RPM reference leak in probe error paths\n\nSeveral error paths in ipu6_pci_probe() were jumping directly to\nout_ipu6_bus_del_devices without releasing the runtime PM reference.\nAdd pm_runtime_put_sync() before cleaning up other resources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/intel/ipu6/ipu6.c"], "versions": [{"version": "25fedc021985a66a357a599ab771d6b495b6f78c", "lessThan": "fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac", "status": "affected", "versionType": "git"}, {"version": "25fedc021985a66a357a599ab771d6b495b6f78c", "lessThan": "364759ccc3fb49754758c585c530407f96683030", "status": "affected", "versionType": "git"}, {"version": "25fedc021985a66a357a599ab771d6b495b6f78c", "lessThan": "3cd9e7539a3010a83391fecade1186cf30e616c9", "status": "affected", "versionType": "git"}, {"version": "25fedc021985a66a357a599ab771d6b495b6f78c", "lessThan": "6099f78e4c9223f4de4169d2fd1cded01279da1a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/intel/ipu6/ipu6.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac"}, {"url": "https://git.kernel.org/stable/c/364759ccc3fb49754758c585c530407f96683030"}, {"url": "https://git.kernel.org/stable/c/3cd9e7539a3010a83391fecade1186cf30e616c9"}, {"url": "https://git.kernel.org/stable/c/6099f78e4c9223f4de4169d2fd1cded01279da1a"}], "title": "media: ipu6: Fix RPM reference leak in probe error paths", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu6: Fix RPM reference leak in probe error paths\n\nSeveral error paths in ipu6_pci_probe() were jumping directly to\nout_ipu6_bus_del_devices without releasing the runtime PM reference.\nAdd pm_runtime_put_sync() before cleaning up other resources."}], "id": "CVE-2026-43177", "lastModified": "2026-05-06T13:07:51.607", "metrics": {}, "published": "2026-05-06T12:16:36.190", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/364759ccc3fb49754758c585c530407f96683030"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3cd9e7539a3010a83391fecade1186cf30e616c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6099f78e4c9223f4de4169d2fd1cded01279da1a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fdc06d36dab7b28c2bdd16cb7ee4f25e0f55d9ac"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: media: ipu6: Fix RPM reference leak in probe error paths", "id": "2467237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467237"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Management (PM) reference leak in the driver's probe error paths. When errors occur during device initialization, PM references are not properly released, which can lead to resource exhaustion and potentially result in a denial of service."], "name": "CVE-2026-43177", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43177\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43177\nhttps://lore.kernel.org/linux-cve-announce/2026050637-CVE-2026-43177-ff1a@gregkh/T"], "threat_severity": "Low"}