CVE-2026-46216

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status()

When media GT is disabled via configfs, there is no allocation for media_gt, which is kept as NULL. In such scenario, intel_hdcp_gsc_check_status() results in a kernel pagefault error due to &gt->uc.gsc being evaluated as an invalid memory address.

Fix that by introducing a NULL check on media_gt and bailing out early if so.

While at it, also drop the NULL check for gsc, since it can't be NULL if media_gt is not NULL.

v2:

  • Get address for gsc only after checking that gt is not NULL. (Shuicheng)
  • Drop the NULL check for gsc. (Shuicheng) v3:
  • Add "Fixes" and "Cc: <stable…>" tags. (Matt)

(cherry picked from commit bfaf87e84ca3ca3f6e275f9ae56da47a8b55ffd1)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4af50beb4e0f9e6aed9cd53436c099f1dba826f1 < cad210d2851f3a7d9573bdfc02aa61d9287bbe8caffected
LinuxLinux4af50beb4e0f9e6aed9cd53436c099f1dba826f1 < 814326e86e929b865020ff44f4576dbdfe3f7ff3affected
LinuxLinux4af50beb4e0f9e6aed9cd53436c099f1dba826f1 < d8ab4b47edf4578dbfbe5e95817107a514fa34ccaffected
LinuxLinux4af50beb4e0f9e6aed9cd53436c099f1dba826f1 < 60a1e131a811b68703da58fd805ab359b704ab03affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.92 <= 6.12.*unaffected
LinuxLinux6.18.34 <= 6.18.*unaffected
LinuxLinux7.0.9 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References