CVE-2026-46058
Analyzed Analyzed - Analysis Complete
Race Condition in Amphion VPU Driver Kernel Panic

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run with the same context. Race sequence: v4l2_m2m_try_run(): v4l2_m2m_ctx_release(): lock/unlock v4l2_m2m_cancel_job() job_abort() v4l2_m2m_job_finish() kfree(m2m_ctx) <- frees ctx device_run() <- use-after-free crash at 0x538 Crash trace: Unable to handle kernel read from unreadable memory at virtual address 0000000000000538 v4l2_m2m_try_run+0x78/0x138 v4l2_m2m_device_run_work+0x14/0x20 The amphion vpu driver does not rely on the m2m framework's device_run callback to perform encode/decode operations. Fix the race by preventing m2m framework job scheduling entirely: - Add job_ready callback returning 0 (no jobs ready for m2m framework) - Remove job_abort callback to avoid the race condition
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46058
EUVD
EUVD-2026-32440
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 5.18 (inc) to 6.1.175 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's media subsystem, specifically involving the amphion driver and the memory-to-memory (m2m) framework.

The issue occurs because the function v4l2_m2m_ctx_release() frees a context (m2m_ctx) while another function, v4l2_m2m_try_run(), is about to use that same context in device_run(). This leads to a use-after-free crash, causing a kernel panic.

The race condition happens when job_abort and device_run operations overlap, resulting in the kernel trying to access freed memory.

The fix involves preventing the m2m framework from scheduling jobs by adding a job_ready callback that always returns 0 (indicating no jobs are ready) and removing the job_abort callback to avoid the race.

Impact Analysis

This vulnerability can cause a kernel panic, which is a system crash in the Linux kernel.

A kernel panic can lead to system instability, unexpected reboots, or denial of service, potentially disrupting any services or applications running on the affected system.

Because the crash is caused by a use-after-free error in the media subsystem, it may specifically affect systems using the amphion driver for video processing tasks.

Mitigation Strategies

The vulnerability is caused by a race condition in the Linux kernel's amphion media driver related to the m2m framework job scheduling.

To mitigate this vulnerability, the fix involves preventing m2m framework job scheduling entirely by:

  • Adding a job_ready callback that returns 0, indicating no jobs are ready for the m2m framework.
  • Removing the job_abort callback to avoid the race condition.

Therefore, immediate mitigation steps include updating the Linux kernel to a version where this fix is applied.

Compliance Impact

The provided information about CVE-2026-46058 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart