🟡 Medium | Source: Microsoft Security Response Center
CVE-2026-46285 is a use-after-free vulnerability in the Linux kernel’s MTD (Memory Technology Device) subsystem, specifically in the docg3 driver’s release function. Use-after-free flaws occur when memory is accessed after it has been freed, which can potentially be exploited to execute arbitrary code or escalate privileges. This vulnerability appears in the Linux kernel underlying Azure infrastructure, making it relevant to cloud environments running Linux-based workloads.
Security Architect’s Take: Review whether your Azure Linux VMs or AKS node pools are running kernel versions affected by this MTD docg3 driver vulnerability, and prioritise applying the relevant kernel patches via your update management tooling — though exploitability in cloud environments is likely low given the niche hardware driver involved.
Original advisory: CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()