In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imx_rproc: Fix invalid loaded resource table detection
imxrprocelffindloadedrsctable() may incorrectly report a loaded resource table even when the current firmware does not provide one.
When the device tree contains a "rsc-table" entry, priv->rsctable is non-NULL and denotes where a resource table would be located if one is present in memory. However, when the current firmware has no resource table, rproc->tableptr is NULL. The function still returns priv->rsc_table, and the remoteproc core interprets this as a valid loaded resource table.
Fix this by returning NULL from imxrprocelffindloadedrsctable() when there is no resource table for the current firmware (i.e. when rproc->tableptr is NULL). This aligns the function's semantics with the remoteproc core: a loaded resource table is only reported when a valid tableptr exists.
With this change, starting firmware without a resource table no longer triggers a crash.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43145.json",
"cna_assigner": "Linux"
}