CVE-2026-46240 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28
https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6
https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76

History

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.
Title		media: iris: Fix use-after-free in iris_release_internal_buffers()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28 https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6 https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:41:08.376Z

Updated: 2026-05-28T09:41:08.376Z

Reserved: 2026-05-13T15:03:33.107Z

Link: CVE-2026-46240

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T10:16:39.613

Modified: 2026-05-28T10:16:39.613

Link: CVE-2026-46240

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object