CVE-2026-46246 in Linuxالمعلومات

الملخص

بحسب MITRE • 03/06/2026

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler

Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the `extcon` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the `extcon` handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling `extcon_set_state_sync()` with a freed `extcon` handle. Which usually crashes the system or otherwise silently corrupts the memory...

Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the `extcon` handle.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Linux

حجز

13/05/2026

إفشاء

03/06/2026

الاعتدال

تمت الموافقة

إدخال

VDB-368172

EPSS

0.00018

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hospital, Finance, ...

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-46246
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-46246
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-46246/

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!