CVE-2026-46058

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: amphion: Fix race between m2m job_abort and device_run<br /> <br /> Fix kernel panic caused by race condition where v4l2_m2m_ctx_release()<br /> frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run<br /> with the same context.<br /> <br /> Race sequence:<br /> v4l2_m2m_try_run(): v4l2_m2m_ctx_release():<br /> lock/unlock v4l2_m2m_cancel_job()<br /> job_abort()<br /> v4l2_m2m_job_finish()<br /> kfree(m2m_ctx)

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18 (including) 6.1.175 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)