Use-After-Free Vulnerability in Linux Kernel's Media Module by Linux Foundation
CVE-2026-46240

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 May 2026

What is CVE-2026-46240?

A vulnerability has been identified in the Linux kernel's media subsystem, in the management of internal buffers. It is a regression introduced by a recent commit that incorrectly handles the release of internal session buffers: after a buffer is freed, the code may still attempt to access it, dereferencing freed memory (a use-after-free). The fix implements proper attribute handling so that no attempt is made to access freed buffers, which mitigates the risk of exploitation.

Affected Version(s)

Linux 7cde76db8883ec8a3d1456068079ecadbfb15ca5

Linux 1dabf00ee206eceb0f08a1fe5d1ce635f9064338 < 18c64439f249859b6140f7bf8bcf95c8ed841f28

Linux 1dabf00ee206eceb0f08a1fe5d1ce635f9064338
