CVE-2026-46011

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1

Description A use-after-free issue exists in the mtk jpeg release() function. The function frees the context structure ctx without cancelling pending or running work in ctx->jpeg work. This creates a race condition where the mtk jpegenc worker() callback may access the context memory after it has been freed. The work is typically queued via queue work() during JPEG encode or decode operations through mtk jpeg device run(). If the device is closed while work is pending, the handler accesses freed memory.

Recommendations Update to version 7.0.11-1.1.