CVE-2026-45877
Status: Awaiting Analysis
NULL Pointer Dereference in Linux Kernel HID Subsystem

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic.

This issue was identified during multi-unit warm reboot stress cycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions.

  KASAN: null-ptr-deref in range [0000000000000000-0000000000000007]
  Workqueue: ish_fw_update_wq fw_reset_work_fn
  Call Trace:
   ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp]
   ishtp_reset_handler+0x85/0x1a0 [intel_ishtp]
   fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]

Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Vendor: intel
Product: intel_ish_hid
Version / Range: *

CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's intel-ish-hid driver. During a warm reset process, a pointer named cl->device may be NULL if the reset happens while clients are still being enumerated. The code attempts to access cl->device->reference_count without first checking if cl->device is NULL, which leads to a NULL pointer dereference and causes a kernel panic.

The issue was discovered during intensive multi-unit warm reboot stress testing. The fix involves adding a defensive NULL check for cl->device to prevent the kernel panic and improve system stability.
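
The unchecked access and the defensive check, side by side, as an added user-space model (not the kernel's code or the upstream patch). Only cl->device and reference_count come from the advisory; the struct layout, the function names and the rule that referenced clients are kept across a warm reset are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumed): only cl->device and reference_count
 * are names taken from the advisory. */
struct model_device { int reference_count; };
struct model_cl {
    struct model_device *device;   /* NULL while the client is still being enumerated */
    struct model_cl *next;
};

/* Pre-fix pattern: cl->device is dereferenced unconditionally.
 * Shown for comparison only; it faults on a client with device == NULL. */
int remove_all_unchecked(struct model_cl *head, bool warm_reset)
{
    int removed = 0;
    for (struct model_cl *cl = head; cl; cl = cl->next) {
        if (warm_reset && cl->device->reference_count)
            continue;              /* assumed: referenced clients survive a warm reset */
        removed++;
    }
    return removed;
}

/* Defensive pattern: test cl->device before reading reference_count. */
int remove_all_checked(struct model_cl *head, bool warm_reset)
{
    int removed = 0;
    for (struct model_cl *cl = head; cl; cl = cl->next) {
        if (warm_reset && cl->device && cl->device->reference_count)
            continue;
        removed++;
    }
    return removed;
}

/* Constructed input: referenced, unreferenced, and half-enumerated clients. */
int demo_run(bool warm_reset)
{
    struct model_device busy = { 1 }, idle = { 0 };
    struct model_cl half = { NULL, NULL };
    struct model_cl b = { &idle, &half };
    struct model_cl a = { &busy, &b };
    return remove_all_checked(&a, warm_reset);
}

int main(void) { printf("warm=%d cold=%d\n", demo_run(true), demo_run(false)); return 0; }
```

In the model, the half-enumerated client is simply treated as unreferenced, so the walk completes instead of faulting on the third list entry.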

Impact Analysis

This vulnerability can cause the Linux kernel to panic during a warm reset if the system attempts to access a NULL pointer. A kernel panic results in a system crash, causing downtime and potential loss of unsaved data. It may affect system stability and reliability, especially in environments where warm resets or reboots are frequent.

Detection Guidance

This vulnerability manifests as a kernel panic caused by a NULL pointer dereference in the intel-ish-hid driver during a warm reset when clients are still being enumerated.

To detect this issue on your system, you can monitor kernel logs for panic messages related to the intel_ishtp or intel_ish_ipc modules.

  • Check kernel logs for panic or oops messages: sudo dmesg | grep -i 'intel_ishtp\|intel_ish_ipc\|panic'
  • Use journalctl to review recent kernel messages: sudo journalctl -k | grep -i 'intel_ishtp\|intel_ish_ipc\|panic'
  • Look for call traces referencing ishtp_bus_remove_all_clients or fw_reset_work_fn in kernel logs.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where the NULL pointer dereference in the intel-ish-hid driver has been fixed.

Until an update is applied, avoid performing warm resets or reboot cycles that could trigger the enumeration of clients in the intel-ish-hid driver.

Monitoring system stability and kernel logs for signs of this issue can help in early detection and response.
