CVE-2026-46246
Analyzed Analyzed - Analysis Complete
Use-After-Free in Linux Kernel Power Supply Subsystem

Publication date: 2026-06-03

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the `extcon` handle will be deallocated/unregistered _before_ the interrupt handler (since `devm_` naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just _after_ the `extcon` handle has been freed, *but* just _before_ the corresponding unregistration of the IRQ handler has run. This will lead to the IRQ handler calling `extcon_set_state_sync()` with a freed `extcon` handle. Which usually crashes the system or otherwise silently corrupts the memory... Fix this racy use-after-free by making sure the IRQ is requested _after_ the registration of the `extcon` handle.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-09
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-46246
EUVD
EUVD-2026-34108
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's power supply driver for pm8916_lbc. It occurs because the interrupt request (IRQ) is requested before the extcon handle is allocated and registered. Since the devm_ variant deallocates resources in reverse order, the extcon handle can be freed before the IRQ handler is unregistered.

As a result, there is a race condition during device removal where an interrupt can trigger after the extcon handle has been freed but before the IRQ handler is unregistered. This causes the IRQ handler to call a function on a freed extcon handle, which can crash the system or corrupt memory silently.

The fix involves changing the order so that the IRQ is requested only after the extcon handle has been registered, preventing the use-after-free condition.

Impact Analysis

This vulnerability can cause system crashes or silent memory corruption due to the use of a freed extcon handle in the IRQ handler. Such instability can lead to unexpected system behavior, data loss, or denial of service.

Mitigation Strategies

To mitigate this vulnerability, ensure that the IRQ is requested only after the registration of the extcon handle. This prevents the race condition that leads to a use-after-free scenario.

Specifically, update or patch the Linux kernel to include the fix where the devm_ variant for requesting IRQ is called after the devm_ variant for allocating/registering the extcon handle.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46246. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart