CVE-2026-46246 in Linux

Summary

by MITRE • 03/06/2026

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler

Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the `extcon` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the `extcon` handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling `extcon_set_state_sync()` with a freed `extcon` handle. Which usually crashes the system or otherwise silently corrupts the memory...

Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the `extcon` handle.
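
The teardown ordering described above, as an added userspace model (not the kernel patch or the driver's code). The names `model_register_extcon`, `model_request_irq` and `teardown_stale_hits` are hypothetical stand-ins, and an interrupt is assumed to arrive after every release step.

```c
#include <stdio.h>

/* Userspace model of devres: release actions run in reverse registration order. */
typedef void (*release_fn)(void);
static release_fn stack[4];
static int depth;
static int extcon_alive, irq_registered, stale_hits;

static void devm_add(release_fn fn) { stack[depth++] = fn; }

static void extcon_release(void) { extcon_alive = 0; }
static void irq_release(void)    { irq_registered = 0; }

/* Stand-in for the handler, which calls extcon_set_state_sync() in the driver. */
static void irq_fires(void)
{
    if (!irq_registered)
        return;              /* handler already unregistered: nothing runs */
    if (!extcon_alive)
        stale_hits++;        /* handler would touch the freed extcon handle */
}

/* Hypothetical stand-ins for the devm_ extcon registration and IRQ request. */
static void model_register_extcon(void) { extcon_alive = 1; devm_add(extcon_release); }
static void model_request_irq(void)     { irq_registered = 1; devm_add(irq_release); }

/* Returns how many teardown steps leave a live handler with a dead extcon. */
int teardown_stale_hits(int irq_first)
{
    depth = stale_hits = extcon_alive = irq_registered = 0;
    if (irq_first) { model_request_irq(); model_register_extcon(); }
    else           { model_register_extcon(); model_request_irq(); }

    while (depth > 0) {
        stack[--depth]();    /* LIFO unwind, as on driver removal */
        irq_fires();         /* assumption: an interrupt arrives after every step */
    }
    return stale_hits;
}

int main(void)
{
    printf("IRQ requested before extcon: %d stale access(es)\n", teardown_stale_hits(1));
    printf("IRQ requested after extcon:  %d stale access(es)\n", teardown_stale_hits(0));
    return 0;
}
```

When reviewing other drivers for the same pattern, the check is whether any `devm_`-requested IRQ precedes the `devm_` registration of an object its handler dereferences.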


Responsible

Linux

Reserved

13/05/2026

Disclosure

03/06/2026

Moderation

accepted

Entry

VDB-368172

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low
