PatchSiren cyber security CVE debrief
CVE-2026-46310 Linux CVE debrief
A vulnerability has been resolved in the Linux kernel, specifically in the media: renesas: vsp1 module. When unloading the module on gen 4, a NULL pointer dereference occurs due to the cleanup code calling the incorrect function. The fix involves checking the IP version and calling the correct drm or vspx function.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of the Linux kernel, particularly those using the renesas: vsp1 module, should be aware of this vulnerability and take steps to update their kernel to a version that includes the fix.
Technical summary
The vulnerability is caused by the cleanup code calling vsp1_drm_cleanup() instead of vsp1_vspx_cleanup() when unloading the module on gen 4. This results in a NULL pointer dereference. The fix checks the IP version and calls the correct function.
Defensive priority
medium
Recommended defensive actions
- Update the Linux kernel to a version that includes the fix.
- Check for and apply any available patches for the renesas: vsp1 module.
Evidence notes
The vulnerability was resolved in the Linux kernel. The fix involves checking the IP version and calling the correct drm or vspx function.
Official resources
-
CVE-2026-46310 CVE record
CVE.org
-
CVE-2026-46310 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
public