AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-43145: In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix invalid loaded resource

infovulnerability

security

Source: NVD/CVE DatabaseMay 6, 2026CVE-2026-43145

Summary

A bug in the Linux kernel's imx_rproc driver (code that manages remote processors on i.MX chips) caused it to incorrectly report that a resource table (a data structure containing firmware configuration) was loaded even when the firmware didn't actually provide one. This mismatch caused the system to crash when starting firmware without a resource table.

Solution / Mitigation

The fix is to modify imx_rproc_elf_find_loaded_rsc_table() to return NULL when rproc->table_ptr is NULL, ensuring the function only reports a loaded resource table when a valid table_ptr actually exists. The source states: 'Fix this by returning NULL from imx_rproc_elf_find_loaded_rsc_table() when there is no resource table for the current firmware (i.e. when rproc->table_ptr is NULL).'

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

May 6, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43145

First tracked: May 6, 2026 at 02:07 PM

Classified by LLM (prompt v3) · confidence: 95%