VYPR
Medium severity 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 12, 2026

CVE-2026-43177

Description

In the Linux kernel, the following vulnerability has been resolved:

media: ipu6: Fix RPM reference leak in probe error paths

Several error paths in ipu6_pci_probe() were jumping directly to out_ipu6_bus_del_devices without releasing the runtime PM reference. Add pm_runtime_put_sync() before cleaning up other resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A runtime PM reference leak in the Linux kernel's ipu6 driver can cause resource exhaustion during probe failures.

Vulnerability Description

CVE-2026-43177 is a runtime power management (RPM) reference leak in the Linux kernel's Intel IPU6 (Image Processing Unit 6, ipu6) driver. The vulnerability exists in the ipu6_pci_probe() function, where several error paths jump directly to the cleanup label out_ipu6_bus_del_devices without first releasing the RPM reference that was acquired earlier in the probe sequence. This omission means that when a probe fails after the RPM reference is taken, the reference count is not decremented, leading to an unbalanced RPM state [1].

Exploitation and Impact

To trigger this bug, an attacker would need to cause a probe failure in the ipu6 driver, for example by manipulating hardware state or providing malformed device configuration. The attack requires local access to the system and the ability to trigger driver probing, which typically means physical presence or control of a user-space process that can unbind/bind the device. No special privileges are needed beyond the ability to interact with the device operations that cause probe errors. The impact is a denial of service (CVSS v3 base score 5.5, Medium severity) because the leaked RPM reference prevents the device from entering a low-power state, potentially causing increased power consumption and, in extreme cases, system instability or hang if the reference count overflows [1].

Mitigation

The fix, already applied in the Linux kernel stable tree, adds a pm_runtime_put_sync() call before the cleanup label to ensure the RPM reference is released on all error paths. Users should update to a kernel version containing the commit fdc06d36dab7 or any of the other stable backports [1][2][3][4]. No workaround is available; the only mitigation is to apply the kernel patch.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
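
The error-path pattern described above, modeled in user space as an added example (this is not the kernel's ipu6 code or the upstream patch). A plain counter stands in for the runtime PM usage count; the probe steps, the `fail_at` and `fixed` parameters, the `out_rpm_put` label and the release on the success path are assumptions of the model, while `out_ipu6_bus_del_devices` and `pm_runtime_put_sync()` are the names used in the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model: usage_count stands in for the runtime PM usage counter. */
struct dev_model { int usage_count; int bus_devices; };

/* Stand-ins named after the kernel helpers (model only, not kernel code). */
static void pm_runtime_get_sync(struct dev_model *d) { d->usage_count++; }
static void pm_runtime_put_sync(struct dev_model *d) { d->usage_count--; }

/* Hypothetical probe step: step number fail_at is forced to fail. */
static int step(int n, int fail_at) { return n == fail_at ? -1 : 0; }

/* fail_at: failing step (0 = none). fixed: release the reference on error. */
static int model_probe(struct dev_model *d, int fail_at, bool fixed)
{
    int ret;

    d->bus_devices = 1;                    /* resources created before the get */
    ret = step(1, fail_at);                /* fails before a reference is held */
    if (ret)
        goto out_ipu6_bus_del_devices;
    pm_runtime_get_sync(d);                /* reference held from here on */
    for (int n = 2; n <= 4; n++) {         /* later init steps that may fail */
        ret = step(n, fail_at);
        if (ret && fixed)
            goto out_rpm_put;              /* fixed: drop the reference first */
        if (ret)
            goto out_ipu6_bus_del_devices; /* pre-fix: reference is leaked */
    }
    pm_runtime_put_sync(d);                /* model assumption: success path puts */
    return 0;
out_rpm_put:                               /* hypothetical label for this model */
    pm_runtime_put_sync(d);
out_ipu6_bus_del_devices:
    d->bus_devices = 0;
    return ret;
}

/* Usage count left behind by one probe attempt; 0 means balanced. */
static int leaked_refs(int fail_at, bool fixed)
{
    struct dev_model d = {0};
    model_probe(&d, fail_at, fixed);
    return d.usage_count;
}

int main(void)
{
    for (int f = 0; f <= 4; f++)
        printf("fail_at=%d pre-fix=%d fixed=%d\n", f, leaked_refs(f, false), leaked_refs(f, true));
    return 0;
}
```

A failure before the get is balanced in both variants; only failures after the reference is taken distinguish the pre-fix and fixed paths.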
