CVE-2026-46240

{"id": "CVE-2026-46240", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-05-28T10:16:39.613", "references": [{"url": "https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Fix use-after-free in iris_release_internal_buffers()\n\nThe recent change in commit 1dabf00ee206 (\"media: iris: gen1: Destroy\ninternal buffers after FW releases\") introduced a regression where\nsession_release_buf() may free the buffer. The caller,\niris_release_internal_buffers(), continued to access `buffer` after the\ncall, leading to a potential use-after-free.\n\nFix this by setting BUF_ATTR_PENDING_RELEASE before calling\nsession_release_buf(), and reverting the flag if the call fails. This\nensures no dereference occurs after potential freeing."}], "lastModified": "2026-06-10T21:04:14.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB16B5AB-8895-4F92-9725-88EE499104D5", "versionEndExcluding": "6.18.32", "versionStartIncluding": "6.18.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E23BCEE9-4A9B-4A21-9895-8615B92174E7", "versionEndExcluding": "7.0.9", "versionStartIncluding": "6.19.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1EF7059-E670-45F4-B422-54C40FA86390"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}