What is GHSA-h697-4wx8-5625?

GHSA-h697-4wx8-5625 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after...

Which CVE IDs does GHSA-h697-4wx8-5625 cover?

GHSA-h697-4wx8-5625 covers the following CVE IDs: CVE-2026-46240. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-h697-4wx8-5625?

GHSA-h697-4wx8-5625 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-h697-4wx8-5625HighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46240 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix use-after-free in iris_release_internal_buffers()

The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access buffer after the call, leading to a potential use-after-free.

Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-46240
https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28
https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6
https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76
https://github.com/advisories/GHSA-h697-4wx8-5625