Linux Kernel Media Iris: UAF in iris_release_internal

Linux Kernel Media Iris: UAF in iris_release_internal_buffers()
CVE-2026-46240 Published on May 28, 2026

media: iris: Fix use-after-free in iris_release_internal_buffers()
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

Products Associated with CVE-2026-46240

Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.

Affected Versions

Version 7cde76db8883ec8a3d1456068079ecadbfb15ca5 and below dd24998a4a4016fb9921916024399bd80f0d45c6 is affected.

Version 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 and below 18c64439f249859b6140f7bf8bcf95c8ed841f28 is affected.

Version 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 and below f27cfdcfc916bb59297825805f4c3499f89f9e76 is affected.

Version d4457f23ac0130240053a34be663f0fade3bb371 is affected.

Version 6.18.16 and below 6.18.32 is affected.

Version 6.19.6 and below 6.20 is affected.

Version 7.0 is affected.

Before 7.0 is unaffected.

Version 6.18.32, <= 6.18.* is unaffected.

Version 7.0.9, <= 7.0.* is unaffected.

Version 7.1-rc3, <= * is unaffected.

Linux Kernel Media Iris: UAF in iris_release_internal_buffers()CVE-2026-46240 Published on May 28, 2026

Products Associated with CVE-2026-46240

Affected Versions

Linux Kernel Media Iris: UAF in iris_release_internal_buffers()
CVE-2026-46240 Published on May 28, 2026