VYPR
High severity7.8NVD Advisory· Published Jun 3, 2026· Updated Jun 9, 2026

CVE-2026-46246

CVE-2026-46246

Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler

Using the devm_ variant for requesting IRQ _before_ the devm_ variant for allocating/registering the extcon handle, means that the extcon handle will be deallocated/unregistered _before_ the interrupt handler (since devm_ naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the extcon handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling extcon_set_state_sync() with a freed extcon handle. Which usually crashes the system or otherwise silently corrupts the memory...

Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the extcon handle.

Affected products

3
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.7,<6.12.75
    • (no CPE)
  • osv-coords
    Range: >= 6.7.0, < 6.12.75

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.