CVE-2026-46058
Analyzed Analyzed - Analysis Complete
Race Condition in Amphion VPU Driver Kernel Panic

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run with the same context. Race sequence: v4l2_m2m_try_run(): v4l2_m2m_ctx_release(): lock/unlock v4l2_m2m_cancel_job() job_abort() v4l2_m2m_job_finish() kfree(m2m_ctx) <- frees ctx device_run() <- use-after-free crash at 0x538 Crash trace: Unable to handle kernel read from unreadable memory at virtual address 0000000000000538 v4l2_m2m_try_run+0x78/0x138 v4l2_m2m_device_run_work+0x14/0x20 The amphion vpu driver does not rely on the m2m framework's device_run callback to perform encode/decode operations. Fix the race by preventing m2m framework job scheduling entirely: - Add job_ready callback returning 0 (no jobs ready for m2m framework) - Remove job_abort callback to avoid the race condition
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46058
EUVD
EUVD-2026-32440
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 5.18 (inc) to 6.1.175 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information about CVE-2026-46058 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a race condition in the Linux kernel's media subsystem, specifically involving the amphion driver and the memory-to-memory (m2m) framework.

The issue occurs because the function v4l2_m2m_ctx_release() frees a context (m2m_ctx) while another function, v4l2_m2m_try_run(), is about to use that same context in device_run(). This leads to a use-after-free crash, causing a kernel panic.

The race condition happens when job_abort and device_run operations overlap, resulting in the kernel trying to access freed memory.

The fix involves preventing the m2m framework from scheduling jobs by adding a job_ready callback that always returns 0 (indicating no jobs are ready) and removing the job_abort callback to avoid the race.

Impact Analysis

This vulnerability can cause a kernel panic, which is a system crash in the Linux kernel.

A kernel panic can lead to system instability, unexpected reboots, or denial of service, potentially disrupting any services or applications running on the affected system.

Because the crash is caused by a use-after-free error in the media subsystem, it may specifically affect systems using the amphion driver for video processing tasks.

Mitigation Strategies

The vulnerability is caused by a race condition in the Linux kernel's amphion media driver related to the m2m framework job scheduling.

To mitigate this vulnerability, the fix involves preventing m2m framework job scheduling entirely by:

  • Adding a job_ready callback that returns 0, indicating no jobs are ready for the m2m framework.
  • Removing the job_abort callback to avoid the race condition.

Therefore, immediate mitigation steps include updating the Linux kernel to a version where this fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart