CVE-2026-46109

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpi_register() error paths Commit 01af542392b5 ("usb: ulpi: fix double free in ulpi_register_interface() error path") removed kfree(ulpi) from ulpi_register_interface() to fix a double-free when device_register() fails. But when ulpi_of_register() or ulpi_read_id() fail before device_register() is called, the ulpi allocation is leaked. Add kfree(ulpi) on both error paths to properly clean up the allocation.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d	Patch
https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c	Patch
https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d	Patch
https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054	Patch
https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385	Patch
https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c	Patch
https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9	Patch
https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc2::::::

History

24 Jun 2026, 18:31

Type	Values Removed	Values Added
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7:::::: cpe:2.3:o:linux:linux_kernel:7.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:-:::::: cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d -~~	() https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d - Patch
References	~~() https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c -~~	() https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c - Patch
References	~~() https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d -~~	() https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d - Patch
References	~~() https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054 -~~	() https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054 - Patch
References	~~() https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385 -~~	() https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385 - Patch
References	~~() https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c -~~	() https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c - Patch
References	~~() https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9 -~~	() https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9 - Patch
References	~~() https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b -~~	() https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b - Patch

01 Jun 2026, 17:17

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c - () https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054 - () https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9 -

28 May 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-28 10:16

Updated : 2026-06-24 18:31

NVD link : CVE-2026-46109

Mitre link : CVE-2026-46109

CVE.ORG link : CVE-2026-46109

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10