CVE-2026-46240

HIGH 7.8

media: iris: Fix use-after-free in iris_release_internal_buffers()

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 28, 2026
Last Updated	May 30, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

7cde76db8883ec8a3d1456068079ecadbfb15ca5 < dd24998a4a4016fb9921916024399bd80f0d45c6 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 < 18c64439f249859b6140f7bf8bcf95c8ed841f28 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 < f27cfdcfc916bb59297825805f4c3499f89f9e76 d4457f23ac0130240053a34be663f0fade3bb371 6.18.16 < 6.18.32 6.19.6 < 6.20

Linux / Linux

7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6 git.kernel.org: https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28 git.kernel.org: https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76