CVE-2026-46285
Received - Intake
Use-After-Free in Linux Kernel MTD DocG3 Driver

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mtd: docg3: fix use-after-free in docg3_release()

In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device() on each floor. doc_release_device() frees the docg3 struct via kfree(docg3) at line 1881. After the loop, docg3->cascade->bch dereferences the already-freed pointer.

Fix this by accessing cascade->bch directly, which is equivalent since docg3->cascade points back to the same cascade struct, and is already available as a local variable. This also removes the now-unused docg3 local variable.

Meta Information

Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a use-after-free in the Linux kernel's MTD docg3 driver, specifically in the function docg3_release().

In the vulnerable code, the docg3 pointer is read from cascade->floors[0]->priv before a loop that calls doc_release_device() on each floor, and doc_release_device() frees the docg3 struct with kfree(). After the loop, the code evaluates docg3->cascade->bch, which dereferences the already-freed struct and is undefined behavior.

The fix accesses cascade->bch directly through the local cascade variable. This is equivalent because docg3->cascade points back to the same cascade struct, and it lets the now-unused docg3 local variable be removed.
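
A user-space model of the release ordering described above, added here as an illustration and not taken from the kernel driver: it keeps each released struct allocated and flagged so that the stale read is detected instead of executed. The struct layouts, the `freed` flag, `NFLOORS` and every function name in the block are constructed for this example.

```c
#include <stdlib.h>

#define NFLOORS 2   /* constructed floor count for this model */

struct cascade;
struct docg3   { int freed; struct cascade *cascade; }; /* freed: model-only flag */
struct floor   { struct docg3 *priv; };                 /* simplified MTD floor */
struct cascade { struct floor floors[NFLOORS]; int bch; };

/* Models the kfree(docg3) inside doc_release_device(): the struct is marked
 * dead but stays allocated, so a later read is detectable rather than UB. */
void model_release_device(struct floor *f) { f->priv->freed = 1; }

/* Checked read of docg3->cascade: NULL means the struct was already freed. */
struct cascade *docg3_cascade(const struct docg3 *d)
{
    return d->freed ? NULL : d->cascade;
}

/* Pre-fix ordering: docg3 is taken before the loop and used after it. */
int *release_vulnerable(struct cascade *c)
{
    struct docg3 *docg3 = c->floors[0].priv;
    for (int i = 0; i < NFLOORS; i++)
        model_release_device(&c->floors[i]);
    struct cascade *stale = docg3_cascade(docg3);  /* read of freed docg3 */
    return stale ? &stale->bch : NULL;             /* NULL: stale access caught */
}

/* Post-fix ordering: bch is reached through the still-live cascade local. */
int *release_fixed(struct cascade *c)
{
    for (int i = 0; i < NFLOORS; i++)
        model_release_device(&c->floors[i]);
    return &c->bch;
}

/* Builds a constructed cascade whose docg3 structs point back at it. */
struct cascade *build_cascade(void)
{
    struct cascade *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    for (int i = 0; i < NFLOORS; i++) {
        c->floors[i].priv = calloc(1, sizeof(struct docg3));
        if (!c->floors[i].priv) abort();   /* model only: no cleanup on OOM */
        c->floors[i].priv->cascade = c;
    }
    return c;
}
```

In the real driver the freed memory is returned to the allocator, so the stale read has no defined result; the flag here only makes the ordering error observable.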

Impact Analysis

Use-after-free vulnerabilities can lead to system instability, crashes, or potentially allow attackers to execute arbitrary code or escalate privileges if exploited.

In this case, since the vulnerability is in the Linux kernel's Memory Technology Device (MTD) subsystem, exploitation could affect the stability or security of systems running vulnerable kernel versions.
