CVE Catalog

CVE-2026-46310

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, a NULL pointer dereference occurs in the VSP1 driver for Renesas hardware when unloading the module on gen 4 platforms. The issue is caused by calling the wrong cleanup function (vsp1_drm_cleanup instead of vsp1_vspx_cleanup).

Risk Assessment

This vulnerability can cause a kernel panic during module unload, posing a stability risk for embedded systems using Renesas hardware.

Recommendation

Update the Linux kernel to a version containing the fix that checks the IP version before calling the appropriate cleanup function.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS