CVE-2026-45877 in Linux情報

要約

〜によって MITRE • 2026年05月27日

In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic.

This issue was identified during multi-unit warm reboot stress clycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions.

KASAN: null-ptr-deref in range [0000000000000000-0000000000000007]
Workqueue: ish_fw_update_wq fw_reset_work_fn

Call Trace: ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp]
ishtp_reset_handler+0x85/0x1a0 [intel_ishtp]
fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Linux

予約する

2026年05月13日

公開

2026年05月27日

モデレーション

承諾済み

エントリ

VDB-366128

CPE

準備完了

CWE

CWE-476 (確認済み)

CVSS

4.8 (VulDB)

EPSS

0.00023

KEV

いいえ

アクティビティ

非常低い

セクター

Energy, Finance, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45877
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45877
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45877/

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!