CVE-2026-46310 PUBLISHED

media: renesas: vsp1: Fix NULL pointer deref on module unload

Assigner: Linux
Reserved: 13.05.2026 Published: 08.06.2026 Updated: 14.06.2026

In the Linux kernel, the following vulnerability has been resolved:

media: renesas: vsp1: Fix NULL pointer deref on module unload

When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup().

Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.
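
The init/cleanup mismatch described above, as an added userspace model (not the driver's code, and not part of the CVE record). Every type, field and `*_model` name is an assumption, as is the premise that the DRM-path state is never allocated on gen 4; a return of -1 marks the point where the kernel would dereference NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: every type, field and *_model name is an assumption. */
enum ip_gen { GEN3, GEN4 };
struct vsp1_model {
    enum ip_gen gen;
    int *drm;   /* DRM-path state, allocated on non-gen-4 only */
    int *vspx;  /* VSPX-path state, allocated on gen 4 only */
};
/* Release one sub-block; -1 marks where the kernel would dereference NULL. */
static int release(int **state)
{
    if (!*state)
        return -1;
    free(*state);
    *state = NULL;
    return 0;
}
static int drm_cleanup_model(struct vsp1_model *v)  { return release(&v->drm); }
static int vspx_cleanup_model(struct vsp1_model *v) { return release(&v->vspx); }

/* Init picks the sub-block by IP version. */
static int init_model(struct vsp1_model *v, enum ip_gen gen)
{
    v->gen = gen;
    v->drm = v->vspx = NULL;
    if (gen == GEN4)
        v->vspx = calloc(1, sizeof(int));
    else
        v->drm = calloc(1, sizeof(int));
    return (v->drm || v->vspx) ? 0 : -1;
}

/* Before the fix: cleanup takes the DRM path on every IP version. */
static int cleanup_before(struct vsp1_model *v) { return drm_cleanup_model(v); }
/* After the fix: cleanup repeats the version check made at init. */
static int cleanup_after(struct vsp1_model *v)
{
    return v->gen == GEN4 ? vspx_cleanup_model(v) : drm_cleanup_model(v);
}

int main(void)
{
    struct vsp1_model v;
    if (init_model(&v, GEN4)) return 1;
    int before = cleanup_before(&v), after = cleanup_after(&v);
    printf("gen4 unload: before fix=%d, after fix=%d\n", before, after);
    return 0;
}
```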

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from d06c1a9f348d22478c6bc5684f9c990e15ada1e9 to bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98 (excl.)
  • affected from d06c1a9f348d22478c6bc5684f9c990e15ada1e9 to c4bb1515b26663e5230603892e67f2cc7df9f0ca (excl.)
  • affected from d06c1a9f348d22478c6bc5684f9c990e15ada1e9 to 58b1e9664d8f74d55d8411cc7a7b275a76a6f24f (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.17 is affected
  • unaffected from 0 to 6.17 (excl.)
  • unaffected from 6.18.32 to 6.18.* (incl.)
  • unaffected from 7.0.9 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References