Linux Kernel Use-After-Free Vulnerability in Media Iris Component

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's media iris component, affecting versions prior to the patch. The function 'iris_release_internal_buffers()' accesses a buffer after 'session_release_buf()' has already freed it. The bug is a regression introduced by a recent change to the buffer release process, which created a window for potential exploitation. The vulnerability could lead to memory corruption or arbitrary code execution.
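
A user-space model of the ordering bug described above, added here as an illustration and not taken from the kernel source or the patch. The struct, the flag and the specific post-release write are assumptions, since the advisory does not say which access is involved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model: every type, field and flag here is hypothetical, not the driver's. */
#define POOL 4
#define ATTR_PENDING_RELEASE 0x1u

struct model_buf { unsigned attr; bool live; };
static struct model_buf pool[POOL];
static int stale_accesses; /* writes that hit a buffer after its release */

/* Stand-in for session_release_buf(): in this model the callee frees the buffer. */
static void model_session_release_buf(struct model_buf *b)
{
    b->live = false; /* models the free; b must not be touched afterwards */
}

/* Field writes go through here so a stale access is counted, not undefined. */
static void set_attr(struct model_buf *b, unsigned flag)
{
    if (!b->live) {
        stale_accesses++;
        return;
    }
    b->attr |= flag;
}

/* Models the release loop: touch_after_release picks release-then-write (buggy)
 * or write-then-release (safe). Returns the number of stale accesses seen. */
int release_internal_buffers(bool touch_after_release)
{
    stale_accesses = 0;
    for (size_t i = 0; i < POOL; i++) {
        pool[i] = (struct model_buf){ .attr = 0, .live = true };
        if (!touch_after_release)
            set_attr(&pool[i], ATTR_PENDING_RELEASE);
        model_session_release_buf(&pool[i]);
        if (touch_after_release)
            set_attr(&pool[i], ATTR_PENDING_RELEASE);
    }
    return stale_accesses;
}

int main(void)
{
    printf("release-then-write: %d stale accesses\n", release_internal_buffers(true));
    printf("write-then-release: %d stale accesses\n", release_internal_buffers(false));
}
```

In a real kernel the stale write lands in freed slab memory rather than being counted; a build with KASAN enabled reports this class of access as a use-after-free at the offending line.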

Impact

Exploitation of this vulnerability triggers a use-after-free condition, potentially allowing memory corruption or arbitrary code execution.

Remediation

Users can apply the patch available in the Linux kernel stable tree to address this vulnerability. The patched version can be downloaded from the official Linux kernel repository.

Added: May 28, 2026, 10:28 AM
Updated: May 28, 2026, 10:28 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 9.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.