CVE-2026-46310
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel, a NULL pointer dereference occurs in the VSP1 driver for Renesas hardware when unloading the module on gen 4 platforms. The issue is caused by calling the wrong cleanup function (vsp1_drm_cleanup instead of vsp1_vspx_cleanup).
Risk Assessment
This vulnerability can cause a kernel panic during module unload, posing a stability risk for embedded systems using Renesas hardware.
Recommendation
Update the Linux kernel to a version containing the fix that checks the IP version before calling the appropriate cleanup function.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.

