{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "85411d17bee99b0a99e983f37188f9cdacfded54"
            },
            {
              "fixed": "318142640590342bfec7aa06d0bdcd0ddbf953d0"
            },
            {
              "fixed": "8e3c751259dc2d1325838eff26f41032523c7b57"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46222.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rkcif: Add missing MUST_CONNECT flag to pads\n\nThe pads missed checks for connected devices which may a null dereference\nwhen the stream is enabled.\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000020\npc : rkcif_interface_enable_streams+0x48/0xf0\nlr : rkcif_interface_enable_streams+0x44/0xf0\nCall trace:\n rkcif_interface_enable_streams+0x48/0xf0\n v4l2_subdev_enable_streams+0x26c/0x3f0\n rkcif_stream_start_streaming+0x140/0x278\n vb2_start_streaming+0x74/0x188\n vb2_core_streamon+0xe0/0x1d8\n vb2_ioctl_streamon+0x60/0xa8\n v4l_streamon+0x2c/0x40\n __video_do_ioctl+0x34c/0x400\n video_usercopy+0x2d0/0x800\n video_ioctl2+0x20/0x60\n v4l2_ioctl+0x48/0x78",
  "id": "CVE-2026-46222",
  "modified": "2026-07-08T05:38:37.401887770Z",
  "published": "2026-05-28T09:40:38.777Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46222.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46222"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads"
}