CVE-2026-46310 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f
https://git.kernel.org/stable/c/bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98
https://git.kernel.org/stable/c/c4bb1515b26663e5230603892e67f2cc7df9f0ca

History

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.
Title		media: renesas: vsp1: Fix NULL pointer deref on module unload
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f https://git.kernel.org/stable/c/bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98 https://git.kernel.org/stable/c/c4bb1515b26663e5230603892e67f2cc7df9f0ca

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:50:40.776Z

Updated: 2026-06-08T15:50:40.776Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46310

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:49.943

Modified: 2026-06-08T17:16:49.943

Link: CVE-2026-46310

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46310", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.111Z", "datePublished": "2026-06-08T15:50:40.776Z", "dateUpdated": "2026-06-08T15:50:40.776Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-08T15:50:40.776Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: renesas: vsp1: Fix NULL pointer deref on module unload\n\nWhen unloading the module on gen 4, we hit a NULL pointer dereference.\nThis is caused by the cleanup code calling vsp1_drm_cleanup() where it\nshould be calling vsp1_vspx_cleanup().\n\nFix this by checking the IP version and calling the drm or vspx function\naccordingly, the same way as the init code does."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/renesas/vsp1/vsp1_drv.c"], "versions": [{"version": "d06c1a9f348d22478c6bc5684f9c990e15ada1e9", "lessThan": "bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98", "status": "affected", "versionType": "git"}, {"version": "d06c1a9f348d22478c6bc5684f9c990e15ada1e9", "lessThan": "c4bb1515b26663e5230603892e67f2cc7df9f0ca", "status": "affected", "versionType": "git"}, {"version": "d06c1a9f348d22478c6bc5684f9c990e15ada1e9", "lessThan": "58b1e9664d8f74d55d8411cc7a7b275a76a6f24f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/renesas/vsp1/vsp1_drv.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.32", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.9", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98"}, {"url": "https://git.kernel.org/stable/c/c4bb1515b26663e5230603892e67f2cc7df9f0ca"}, {"url": "https://git.kernel.org/stable/c/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f"}], "title": "media: renesas: vsp1: Fix NULL pointer deref on module unload", "x_generator": {"engine": "bippy-1.2.0"}}}}