PT-2026-44363 · Linux · Linux

Published 2026-05-28 · Updated 2026-05-28 · CVE-2026-46240

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
media: iris: Fix use-after-free in iris_release_internal_buffers()
The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access buffer after the call, leading to a potential use-after-free.
Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.
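
The ordering fix described above, modelled in userspace C as an added example (not the kernel driver's code). Only the flag name comes from the advisory; `struct buf`, `make_list()`, `release_buf()`, `release_all()` and the flag's value are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdlib.h>
/* Flag name comes from the advisory; its value and all other names are constructed. */
#define BUF_ATTR_PENDING_RELEASE 0x1u
struct buf { unsigned attr; struct buf *next; };
static int live_bufs;   /* allocations not yet freed */

static struct buf *make_list(int n)
{
    struct buf *head = NULL, *b;
    while (n-- > 0 && (b = calloc(1, sizeof(*b)))) {
        b->next = head; head = b; live_bufs++;
    }
    return head;
}

/* Hypothetical stand-in for session_release_buf(): frees on success, leaves b alone on failure. */
static int release_buf(struct buf *b, int fail)
{
    if (fail) return -EIO;
    free(b);
    live_bufs--;
    return 0;
}

/* Pre-fix ordering (comment only): call release_buf(b) first, then set
 * b->attr |= BUF_ATTR_PENDING_RELEASE, which writes to memory that may be freed. */
static int release_all(struct buf **head, int fail_at)
{
    struct buf *b = *head, *next;
    for (int i = 0; b; b = next, i++) {
        next = b->next;                           /* read before the callee may free b */
        b->attr |= BUF_ATTR_PENDING_RELEASE;      /* mark while b is known to be valid */
        int ret = release_buf(b, i == fail_at);
        if (ret) {
            b->attr &= ~BUF_ATTR_PENDING_RELEASE; /* failure path: b was not freed */
            *head = b;
            return ret;
        }
    }
    *head = NULL;
    return 0;
}

int main(void)
{
    struct buf *h = make_list(3);
    int ret = release_all(&h, 1);   /* second release fails, flag is reverted */
    return !(ret == -EIO && h && h->attr == 0 && release_all(&h, -1) == 0 && live_bufs == 0);
}
```

Building this with `-fsanitize=address` and swapping in the pre-fix ordering from the comment makes the sanitizer report the write after free on the first successful release.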

Related Identifiers

CVE-2026-46240

Affected Products

Linux