Description
In the Linux kernel, the following vulnerability has been resolved:

media: renesas: vsp1: Fix NULL pointer deref on module unload

When unloading the module on gen 4, we hit a NULL pointer dereference.
This is caused by the cleanup code calling vsp1_drm_cleanup() where it
should be calling vsp1_vspx_cleanup().

Fix this by checking the IP version and calling the drm or vspx function
accordingly, the same way as the init code does.
Published: 2026-06-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw, a NULL pointer dereference (CWE-763), occurs when the module is unloaded on generation 4 hardware. The cleanup code incorrectly calls vsp1_drm_cleanup instead of vsp1_vspx_cleanup, triggering a kernel oops that crashes the system. This results in a denial-of-service outcome for the affected host.

Affected Systems

The vulnerability affects any Linux system whose kernel includes the Renesas VSP1 media driver before the fix. Distributions that have released kernels without the patch, or custom-built kernels, are at risk.

Risk and Exploitability

The flaw is a NULL pointer dereference (CWE-763) that is triggered by attempting to unload the vsp1 module. Based on the description, it is inferred that root privilege or the ability to load/unload kernel modules is required to trigger the vulnerability. No EPSS score is available, and the issue is not in the CISA KEV list, so no public exploitation data exists. The impact is limited to privileged users who can unload the module; unprivileged users cannot directly exploit the vulnerability.

Generated by OpenCVE AI on June 9, 2026 at 03:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that incorporates the Renesas VSP1 cleanup fix.
  • If building a custom kernel, cherry‑pick the commit that corrects the vsp1 cleanup path and rebuild the kernel.
  • As a temporary mitigation, avoid unloading the Renesas VSP1 module until the patch is applied, or disable the module if it is not required.

Generated by OpenCVE AI on June 9, 2026 at 03:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should be calling vsp1_vspx_cleanup(). Fix this by checking the IP version and calling the drm or vspx function accordingly, the same way as the init code does.
Title media: renesas: vsp1: Fix NULL pointer deref on module unload
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:50:40.776Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46310

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:49.943

Modified: 2026-06-08T17:16:49.943

Link: CVE-2026-46310

cve-icon Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46310 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T03:45:26Z

Weaknesses