CVE-2026-45978

Source
https://cve.org/CVERecord?id=CVE-2026-45978
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45978.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45978
Downstream
Published
2026-05-27T12:18:36.753Z
Modified
2026-06-18T03:54:57.932482321Z
Summary
staging: greybus: lights: avoid NULL deref
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: lights: avoid NULL deref

gblightslightconfig() stores channelcount before allocating the channels array. If kcalloc() fails, gblightsrelease() iterates the non-zero count and dereferences light->channels, which is NULL.

Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45978.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2870b52bae4c81823ffcb3ed2b0626fb39d64f48
Fixed
a118724d7641b832fa14323e2733e28ae4834552
Fixed
3cbe694d235d96f628ec7dc6ae4d8bdddb768699
Fixed
ba5022162da63059bae36c4fd84d7031f582c71f
Fixed
65f2c608096d766540953d9b170d216aa3b5eb95
Fixed
01b91cb3e748032fd96bbe0043812b426a52f091
Fixed
06162d85f830582da6e9e5fcf9c9504d6da9ae0b
Fixed
da46264a7016034a5bbbad034c012ef218b7d0af
Fixed
efcffd9a6ad8d190651498d5eda53bfc7cf683a7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45978.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.9.0
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45978.json"