CVE-2026-46310
Received Received - Intake
NULL Pointer Dereference in Renesas VSP1 Linux Kernel Driver

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-46310
EUVD
EUVD-2026-35120
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
renesas vsp1 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's media component for Renesas vsp1. It occurs when unloading the module on generation 4 hardware, causing a NULL pointer dereference. The issue arises because the cleanup code incorrectly calls the function vsp1_drm_cleanup() instead of the correct function vsp1_vspx_cleanup(). The fix involves checking the IP version and calling the appropriate cleanup function accordingly, similar to how the initialization code operates.

Impact Analysis

The vulnerability can cause a NULL pointer dereference during module unload, which may lead to a kernel crash or system instability. This can result in denial of service or unexpected behavior on affected systems using the Renesas vsp1 media driver on generation 4 hardware.

Mitigation Strategies

The vulnerability is caused by a NULL pointer dereference when unloading the renesas vsp1 module on gen 4 devices due to incorrect cleanup function calls.

To mitigate this vulnerability, update the Linux kernel to a version where this issue is fixed. The fix involves checking the IP version and calling the appropriate cleanup function (vsp1_drm_cleanup() or vsp1_vspx_cleanup()) accordingly.

Until the update is applied, avoid unloading the renesas vsp1 module on affected systems to prevent triggering the NULL pointer dereference.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart