Use-After-Free Vulnerability in Linux Kernel Affecting Media Processing
CVE-2026-46210

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46210?

The vulnerability in the Linux kernel involves a use-after-free condition occurring during the Macro Blocks Per Frame (MBPF) checking process. Due to concurrent instances operating under different locking mechanisms, the core list of active instances may encounter a state where an instance's fmt_src and fmt_dst are freed while still being accessed. If the MBPF checker, operating under core->lock, attempts to read these fields while they are freed by another thread, it results in dereferencing a dangling pointer. This situation arises from improper synchronization and highlights the need for meticulous management of instance lifecycles and resource deallocation to prevent exposure of invalid pointers.

Affected Version(s)

Linux 5ad964ad5656668399f00c76707f0d063b64a4b1 < 494ffd1712a588e590e6b1e9f876a8c8b24a9180

Linux 5ad964ad5656668399f00c76707f0d063b64a4b1 < 3d9593ad1a58c5acc3e5fa2a48222bb7632e6812

Linux 6.18

References

https://git.kernel.org/stable/c/494ffd1712a588e590e6b1e9f...

https://git.kernel.org/stable/c/3d9593ad1a58c5acc3e5fa2a4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46210 Data

JSON