CVE-2026-46240
Published: May 28, 2026
Modified: May 30, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7cde76db8883ec8a3d1456068079ecadbfb15ca5 - < dd24998a4a4016fb9921916024399bd80f0d45c6affected 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 - < 18c64439f249859b6140f7bf8bcf95c8ed841f28affected 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 - < f27cfdcfc916bb59297825805f4c3499f89f9e76affected d4457f23ac0130240053a34be663f0fade3bb371affected 6.18.16 - < 6.18.32+1 more versions |
Linux | Linux | affected 7.0unaffected 0 - < 7.0unaffected 6.18.32 - <= 6.18.*unaffected 7.0.9 - <= 7.0.*unaffected 7.1-rc3 - <= * |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now