Security Advisory

CVE-2026-31473

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-22 13:54:00

Last updated 2026-05-11 22:09:24

Assigner Linux

State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0) queue teardown paths. This can race request object cleanup against vb2 queue cancellation and lead to use-after-free reports. We already serialize request queueing against STREAMON/OFF with req_queue_mutex. Extend that serialization to REQBUFS, and also take the same mutex in media_request_ioctl_reinit() so REINIT is in the same exclusion domain. This keeps request cleanup and queue cancellation from running in parallel for request-capable devices.

← Browse all CVEs View on cve.org ↗