Bug 2467237 (CVE-2026-43177)

Summary: CVE-2026-43177 kernel: media: ipu6: Fix RPM reference leak in probe error paths
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Management (PM) reference leak in the driver's probe error paths. When errors occur during device initialization, PM references are not properly released, which can lead to resource exhaustion and potentially result in a denial of service.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-06 13:12:25 UTC
In the Linux kernel, the following vulnerability has been resolved:

media: ipu6: Fix RPM reference leak in probe error paths

Several error paths in ipu6_pci_probe() were jumping directly to
out_ipu6_bus_del_devices without releasing the runtime PM reference.
Add pm_runtime_put_sync() before cleaning up other resources.