Vulnerability-Lookup

CVE-2026-46312 (GCVE-0-2026-46312)

Vulnerability from cvelistv5 – Published: 2026-06-08 15:50 – Updated: 2026-06-08 15:50

Title

media: videobuf2: Set vma_flags in vb2_dma_sg_mmap

Summary

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a reason why vb2_dma_sg should behave differently. This avoids hitting `WARN_ON(!(vma->vm_flags & VM_DONTEXPAND));` in drm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of tree Apple ISP camera capture driver which uses vb2_dma_sg_memops. gst-launch-1.0 v4l2src ! gtk4paintablesink [ 38.201528] ------------[ cut here ]------------ [ 38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210 [ 38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device uinput nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep nls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc hid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic cfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev aop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2 snd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor macsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi macsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3 snd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon apple_sart apple_dockchannel macsmc apple_rtkit_helper spmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses pinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core spi_apple [ 38.203300] videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram [ 38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G W 6.17.6+ #asahi-dev PREEMPT(full) [ 38.219040] Tainted: [W]=WARN [ 38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT) [ 38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210 [ 38.221643] lr : drm_gem_mmap_obj+0x78/0x210 [ 38.222178] sp : ffffc0008dc678e0 [ 38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480 [ 38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968 [ 38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0 [ 38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968 [ 38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8 [ 38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff [ 38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8 [ 38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000 [ 38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038 [ 38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb [ 38.231488] Call trace: [ 38.231806] drm_gem_mmap_obj+0x1f8/0x210 (P) [ 38.232342] drm_gem_mmap+0x140/0x260 [ 38.232813] __mmap_region+0x488/0x9a0 [ 38.233277] mmap_region+0xd0/0x148 [ 38.233703] do_mmap+0x350/0x5c0 [ 38.234148] vm_mmap_pgoff+0x14c/0x200 [ 38.234612] ksys_mmap_pgoff+0x150/0x208 [ 38.235107] __arm64_sys_mmap+0x34/0x50 [ 38.235611] invoke_syscall+0x50/0x120 [ 38.236075] el0_svc_common.constprop.0+0x48/0xf0 [ 38.236680] do_el0_svc+0x24/0x38 [ 38.237113] el0_svc+0x38/0x168 [ 38.237507] el0t_64_sync_handler+0xa0/0xe8 [ 38.238034] el0t_64_sync+0x198/0x1a0 [ 38.238491] ---[ end trace 0000000000000000 ]--- There were discussions in [1] at the end of 2023 that mmap() on imported ---truncated---

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/feb17524aa4ec3377…
https://git.kernel.org/stable/c/1a1360264f699521e…
https://git.kernel.org/stable/c/21fade52ab9fb1336…
https://git.kernel.org/stable/c/b4cf91658a636618f…
https://git.kernel.org/stable/c/7254b31a13aaa0c2c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5ba3f757f0592ca001266b4a6214d0332349909c , < feb17524aa4ec337749344be0db52b88663e25ab (git) Affected: 5ba3f757f0592ca001266b4a6214d0332349909c , < 1a1360264f699521e001e7739009ee3ee3c6a4f5 (git) Affected: 5ba3f757f0592ca001266b4a6214d0332349909c , < 21fade52ab9fb13368a5709e60b0d9909197aeae (git) Affected: 5ba3f757f0592ca001266b4a6214d0332349909c , < b4cf91658a636618f1437beec971dec25dec28eb (git) Affected: 5ba3f757f0592ca001266b4a6214d0332349909c , < 7254b31a13aaa0c2c0f9ffbc335b718656117ff4 (git)
Linux	Linux	Affected: 2.6.39 Unaffected: 0 , < 2.6.39 (semver) Unaffected: 6.6.140 , ≤ 6.6.* (semver) Unaffected: 6.12.90 , ≤ 6.12.* (semver) Unaffected: 6.18.32 , ≤ 6.18.* (semver) Unaffected: 7.0.9 , ≤ 7.0.* (semver) Unaffected: 7.1-rc1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/common/videobuf2/videobuf2-dma-sg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "feb17524aa4ec337749344be0db52b88663e25ab",
              "status": "affected",
              "version": "5ba3f757f0592ca001266b4a6214d0332349909c",
              "versionType": "git"
            },
            {
              "lessThan": "1a1360264f699521e001e7739009ee3ee3c6a4f5",
              "status": "affected",
              "version": "5ba3f757f0592ca001266b4a6214d0332349909c",
              "versionType": "git"
            },
            {
              "lessThan": "21fade52ab9fb13368a5709e60b0d9909197aeae",
              "status": "affected",
              "version": "5ba3f757f0592ca001266b4a6214d0332349909c",
              "versionType": "git"
            },
            {
              "lessThan": "b4cf91658a636618f1437beec971dec25dec28eb",
              "status": "affected",
              "version": "5ba3f757f0592ca001266b4a6214d0332349909c",
              "versionType": "git"
            },
            {
              "lessThan": "7254b31a13aaa0c2c0f9ffbc335b718656117ff4",
              "status": "affected",
              "version": "5ba3f757f0592ca001266b4a6214d0332349909c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/common/videobuf2/videobuf2-dma-sg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.140",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.90",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.32",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.9",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1-rc1",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\n\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\nsee a reason why vb2_dma_sg should behave differently. This avoids\nhitting `WARN_ON(!(vma-\u003evm_flags \u0026 VM_DONTEXPAND));` in\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\n\ngst-launch-1.0 v4l2src ! gtk4paintablesink\n\n[   38.201528] ------------[ cut here ]------------\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\napple_sart apple_dockchannel macsmc apple_rtkit_helper\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\nspi_apple\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\n[   38.219040] Tainted: [W]=WARN\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\n[   38.222178] sp : ffffc0008dc678e0\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\n[   38.231488] Call trace:\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\n[   38.232342]  drm_gem_mmap+0x140/0x260\n[   38.232813]  __mmap_region+0x488/0x9a0\n[   38.233277]  mmap_region+0xd0/0x148\n[   38.233703]  do_mmap+0x350/0x5c0\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\n[   38.235611]  invoke_syscall+0x50/0x120\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\n[   38.236680]  do_el0_svc+0x24/0x38\n[   38.237113]  el0_svc+0x38/0x168\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\n[   38.238034]  el0t_64_sync+0x198/0x1a0\n[   38.238491] ---[ end trace 0000000000000000 ]---\n\nThere were discussions in [1] at the end of 2023 that mmap() on imported\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T15:50:42.964Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4"
        }
      ],
      "title": "media: videobuf2: Set vma_flags in vb2_dma_sg_mmap",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-46312",
    "datePublished": "2026-06-08T15:50:42.964Z",
    "dateReserved": "2026-05-13T15:03:33.111Z",
    "dateUpdated": "2026-06-08T15:50:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-46312",
      "date": "2026-06-10",
      "epss": "0.00018",
      "percentile": "0.04993"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-46312\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-08T17:16:50.160\",\"lastModified\":\"2026-06-08T17:16:50.160\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\\n\\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\\nsee a reason why vb2_dma_sg should behave differently. This avoids\\nhitting `WARN_ON(!(vma-\u003evm_flags \u0026 VM_DONTEXPAND));` in\\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\\n\\ngst-launch-1.0 v4l2src ! gtk4paintablesink\\n\\n[   38.201528] ------------[ cut here ]------------\\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\\napple_sart apple_dockchannel macsmc apple_rtkit_helper\\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\\nspi_apple\\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\\n[   38.219040] Tainted: [W]=WARN\\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\\n[   38.222178] sp : ffffc0008dc678e0\\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\\n[   38.231488] Call trace:\\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\\n[   38.232342]  drm_gem_mmap+0x140/0x260\\n[   38.232813]  __mmap_region+0x488/0x9a0\\n[   38.233277]  mmap_region+0xd0/0x148\\n[   38.233703]  do_mmap+0x350/0x5c0\\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\\n[   38.235611]  invoke_syscall+0x50/0x120\\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\\n[   38.236680]  do_el0_svc+0x24/0x38\\n[   38.237113]  el0_svc+0x38/0x168\\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\\n[   38.238034]  el0t_64_sync+0x198/0x1a0\\n[   38.238491] ---[ end trace 0000000000000000 ]---\\n\\nThere were discussions in [1] at the end of 2023 that mmap() on imported\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2026-46312

Vulnerability from fkie_nvd - Published: 2026-06-08 17:16 - Updated: 2026-06-08 17:16

Severity

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\n\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\nsee a reason why vb2_dma_sg should behave differently. This avoids\nhitting `WARN_ON(!(vma-\u003evm_flags \u0026 VM_DONTEXPAND));` in\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\n\ngst-launch-1.0 v4l2src ! gtk4paintablesink\n\n[   38.201528] ------------[ cut here ]------------\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\napple_sart apple_dockchannel macsmc apple_rtkit_helper\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\nspi_apple\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\n[   38.219040] Tainted: [W]=WARN\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\n[   38.222178] sp : ffffc0008dc678e0\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\n[   38.231488] Call trace:\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\n[   38.232342]  drm_gem_mmap+0x140/0x260\n[   38.232813]  __mmap_region+0x488/0x9a0\n[   38.233277]  mmap_region+0xd0/0x148\n[   38.233703]  do_mmap+0x350/0x5c0\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\n[   38.235611]  invoke_syscall+0x50/0x120\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\n[   38.236680]  do_el0_svc+0x24/0x38\n[   38.237113]  el0_svc+0x38/0x168\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\n[   38.238034]  el0t_64_sync+0x198/0x1a0\n[   38.238491] ---[ end trace 0000000000000000 ]---\n\nThere were discussions in [1] at the end of 2023 that mmap() on imported\n---truncated---"
    }
  ],
  "id": "CVE-2026-46312",
  "lastModified": "2026-06-08T17:16:50.160",
  "metrics": {},
  "published": "2026-06-08T17:16:50.160",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}

GHSA-FC4P-MQ27-M6P2

Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

media: videobuf2: Set vma_flags in vb2_dma_sg_mmap

vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a reason why vb2_dma_sg should behave differently. This avoids hitting WARN_ON(!(vma->vm_flags & VM_DONTEXPAND)); in drm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of tree Apple ISP camera capture driver which uses vb2_dma_sg_memops.

gst-launch-1.0 v4l2src ! gtk4paintablesink

[ 38.201528] ------------[ cut here ]------------ [ 38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210 [ 38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device uinput nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep nls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc hid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic cfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev aop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2 snd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor macsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi macsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3 snd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon apple_sart apple_dockchannel macsmc apple_rtkit_helper spmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses pinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core spi_apple [ 38.203300] videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram [ 38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G W 6.17.6+ #asahi-dev PREEMPT(full) [ 38.219040] Tainted: [W]=WARN [ 38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT) [ 38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210 [ 38.221643] lr : drm_gem_mmap_obj+0x78/0x210 [ 38.222178] sp : ffffc0008dc678e0 [ 38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480 [ 38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968 [ 38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0 [ 38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968 [ 38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8 [ 38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff [ 38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8 [ 38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000 [ 38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038 [ 38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb [ 38.231488] Call trace: [ 38.231806] drm_gem_mmap_obj+0x1f8/0x210 (P) [ 38.232342] drm_gem_mmap+0x140/0x260 [ 38.232813] __mmap_region+0x488/0x9a0 [ 38.233277] mmap_region+0xd0/0x148 [ 38.233703] do_mmap+0x350/0x5c0 [ 38.234148] vm_mmap_pgoff+0x14c/0x200 [ 38.234612] ksys_mmap_pgoff+0x150/0x208 [ 38.235107] __arm64_sys_mmap+0x34/0x50 [ 38.235611] invoke_syscall+0x50/0x120 [ 38.236075] el0_svc_common.constprop.0+0x48/0xf0 [ 38.236680] do_el0_svc+0x24/0x38 [ 38.237113] el0_svc+0x38/0x168 [ 38.237507] el0t_64_sync_handler+0xa0/0xe8 [ 38.238034] el0t_64_sync+0x198/0x1a0 [ 38.238491] ---[ end trace 0000000000000000 ]---

There were discussions in [1] at the end of 2023 that mmap() on imported ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-46312"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T17:16:50Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\n\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\nsee a reason why vb2_dma_sg should behave differently. This avoids\nhitting `WARN_ON(!(vma-\u003evm_flags \u0026 VM_DONTEXPAND));` in\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\n\ngst-launch-1.0 v4l2src ! gtk4paintablesink\n\n[   38.201528] ------------[ cut here ]------------\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\napple_sart apple_dockchannel macsmc apple_rtkit_helper\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\nspi_apple\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\n[   38.219040] Tainted: [W]=WARN\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\n[   38.222178] sp : ffffc0008dc678e0\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\n[   38.231488] Call trace:\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\n[   38.232342]  drm_gem_mmap+0x140/0x260\n[   38.232813]  __mmap_region+0x488/0x9a0\n[   38.233277]  mmap_region+0xd0/0x148\n[   38.233703]  do_mmap+0x350/0x5c0\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\n[   38.235611]  invoke_syscall+0x50/0x120\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\n[   38.236680]  do_el0_svc+0x24/0x38\n[   38.237113]  el0_svc+0x38/0x168\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\n[   38.238034]  el0t_64_sync+0x198/0x1a0\n[   38.238491] ---[ end trace 0000000000000000 ]---\n\nThere were discussions in [1] at the end of 2023 that mmap() on imported\n---truncated---",
  "id": "GHSA-fc4p-mq27-m6p2",
  "modified": "2026-06-08T18:31:53Z",
  "published": "2026-06-08T18:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

MSRC_CVE-2026-46312

Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-10 01:04

Summary

media: videobuf2: Set vma_flags in vb2_dma_sg_mmap

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-46312

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	None Available

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-46312.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "media: videobuf2: Set vma_flags in vb2_dma_sg_mmap",
    "tracking": {
      "current_release_date": "2026-06-10T01:04:19.000Z",
      "generator": {
        "date": "2026-06-10T07:02:18.586Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-46312",
      "initial_release_date": "2026-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-10T01:04:19.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 0:6.6.139.1-1.azl3",
                "product": {
                  "name": "azl3 kernel 0:6.6.139.1-1.azl3",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 0:6.6.139.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-46312",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-46312.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-06-10T01:04:19.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "media: videobuf2: Set vma_flags in vb2_dma_sg_mmap"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-46312 (GCVE-0-2026-46312)

FKIE_CVE-2026-46312

GHSA-FC4P-MQ27-M6P2

MSRC_CVE-2026-46312

Tags

Sightings

Nomenclature