CVE-2026-46240

HIGHPre-NVD 7.87.8
EchelonGraph scoreMEDIUM confidence

Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2026-05-28. the CNA's CVSS baseline 7.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: cna:linux, epss, ghsa
7.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix use-after-free in iris_release_internal_buffers()

The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access buffer after the call, leading to a potential use-after-free.

Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

CVSS v3
7.8
EG Score
7.8(medium)
EPSS
2.5%
KEV
Not listed

Published

May 28, 2026

Last Modified

June 14, 2026

Advisory Details (3)

Auto-updated Jun 4, 2026
No patch confirmed yet.
generic

media: iris: Fix use-after-free in iris_release_internal_buffers() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76
generic

media: iris: Fix use-after-free in iris_release_internal_buffers() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6
generic

media: iris: Fix use-after-free in iris_release_internal_buffers() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28

Vendor Advisories for CVE-2026-46240(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Frequently asked(5)

What is CVE-2026-46240?
CVE-2026-46240 is a high vulnerability published on May 28, 2026. In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in irisreleaseinternal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where sessionreleasebuf() may free…
When was CVE-2026-46240 disclosed?
CVE-2026-46240 was first published in the National Vulnerability Database on May 28, 2026, with the most recent update on June 14, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-46240 actively exploited?
CVE-2026-46240 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 2.5% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-46240?
CVE-2026-46240 has a CVSS v4.0 base score of 7.8 (CNA self-assessment; NVD's own analysis pending).
How do I remediate CVE-2026-46240?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46240, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-46240

Explore →

Is Your Infrastructure Affected by CVE-2026-46240?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.