HOMEVULNERABILITIESCVE-2026-46210
HIGH

CVE-2026-46210

Published: May 28, 2026· Updated: May 30, 2026

7.8
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:5.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

media: iris: fix use-after-free of fmt_src during MBPF check

During concurrency testing, multiple instances can run in parallel, and

each instance uses its own inst->lock while the core->lock protects the

list of active instances. The race happens because these locks cover

different scopes, inst->lock protects only the internals of a single

instance, while the Macro Blocks Per Frame (MBPF) checker walks the

core list under core->lock and reads fields like fmt_src->width and

fmt_src->height. At the same time, iris_close() may free fmt_src and

fmt_dst under inst->lock while the instance is still present in the core

list. This allows a situation where the MBPF checker, still iterating

through the core list, reaches an instance whose fmt_src was already

freed by another thread and ends up dereferencing a dangling pointer,

resulting in a use-after-free. This happens because the MBPF checker

assumes that any instance in the core list is fully valid, but the

freeing of fmt_src and fmt_dst without removing the instance from the

core list is not correct.

The correct ordering is to defer freeing fmt_src and fmt_dst until after

the instance has been removed from the core list and all teardown under

the core lock has completed, ensuring that no dangling pointers are ever

exposed during MBPF checks.

NVD Source

Technical Analysis

CVE-2026-46210 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-46210
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 28, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46210 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.