CVEFinder.io

CVE-2026-46246

⚠️ high
🔍 Scan for this CVE
Summary

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the `extcon` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interru

Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler

Using the `devm_` variant for requesting IRQ _before_ the `devm_`
variant for allocating/registering the `extcon` handle, means that the
`extcon` handle will be deallocated/unregistered _before_ the interrupt
handler (since `devm_` naturally deallocates in reverse allocation
order). This means that during removal, there is a race condition where
an interrupt can fire just _after_ the `extcon` handle has been
freed, *but* just _before_ the corresponding unregistration of the IRQ
handler has run.

This will lead to the IRQ handler calling `extcon_set_state_sync()` with
a freed `extcon` handle. Which usually crashes the system or otherwise
silently corrupts the memory...

Fix this racy use-after-free by making sure the IRQ is requested _after_
the registration of the `extcon` handle.

CVSS Score
7.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-06-03
First Seen: 2026-06-04
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.6% of all 326,604 vulnerabilities in our database.

#99,150
Above average severity
Severity Percentile
Last Modified 2026-06-09
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-416

📦 Affected Products 3

Vendor Product Status Affected Versions
linux linux_kernel Affected
> 6.7 < 6.12.75
linux linux_kernel Affected
> 6.13 < 6.18.14
linux linux_kernel Affected
> 6.19 < 6.19.4

🔗 References 4

https://git.kernel.org/stable/c/23067259919663580c6f...
Patch
https://git.kernel.org/stable/c/47abfc207ab02cf12972...
Patch
https://git.kernel.org/stable/c/48e0f68b50c344bb2d78...
Patch
https://git.kernel.org/stable/c/9fab0120907e6965168e...
Patch

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-71313 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_wor... 2026-06-03
CVE-2025-71314 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches(... 2026-06-03
CVE-2026-46244 ⛔ critical 9.1 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync ... 2026-06-03
CVE-2026-46245 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD i... 2026-06-03
CVE-2026-46247 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map ... 2026-06-03
CVE-2026-46248 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->li... 2026-06-03
These CVEs affect the same products