CVE-2026-45877 in Linuxinformation

Résumé

par MITRE • 27/05/2026

In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic.

This issue was identified during multi-unit warm reboot stress clycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions.

KASAN: null-ptr-deref in range [0000000000000000-0000000000000007]
Workqueue: ish_fw_update_wq fw_reset_work_fn

Call Trace: ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp]
ishtp_reset_handler+0x85/0x1a0 [intel_ishtp]
fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Linux

Réserver

13/05/2026

Divulgation

27/05/2026

Modérer

accepté

Entrée

VDB-366128

CPE

prêt

CWE

CWE-476 (confirmé)

CVSS

4.8 (VulDB)

EPSS

0.00023

KEV

non

Activités

très faible

Secteur

Finance, Police, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45877
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45877
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45877/

◂ Précédent Aperçu Suivant ▸

Do you know our Splunk app?

Download it now for free!