CVE-2026-46240
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to use-after-free in the iris_release_internal_buffers() function. A recent change introduced a regression that may lead to accessing a freed buffer.
Risk Assessment
Exploitation of this vulnerability could lead to unpredictable system behavior, posing a risk to the stability and security of applications utilizing this component.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor applications that utilize buffer management functions.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free. Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

