CVE-2026-46098

Source
https://cve.org/CVERecord?id=CVE-2026-46098
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46098.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46098
Downstream
Related
Published
2026-05-27T12:59:02.308Z
Modified
2026-06-27T11:54:52.306286534Z
Summary
net: caif: clear client service pointer on teardown
Details

In the Linux kernel, the following vulnerability has been resolved:

net: caif: clear client service pointer on teardown

caif_connect() can tear down an existing client after remote shutdown by calling caif_disconnect_client() followed by caif_free_client(). caif_free_client() releases the service layer referenced by adap_layer->dn, but leaves that pointer stale.

When the socket is later destroyed, caif_sock_destructor() calls caif_free_client() again and dereferences the freed service pointer.

Clear the client/service links before releasing the service object so repeated teardown becomes harmless.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46098.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
43e3692101086add8719c3b8b50b05c9ac5b14e1
Fixed
cffca7a18b8f9de7c3d3013a1f5740c412b2a501
Fixed
7ef97d4675b05a103648bd9244d91dff7d8c08b0
Fixed
e16859f3f4426fa349bc5519d582a93d28f5a15d
Fixed
914c6456fcfc21a3d553945dff62fd1621d6155d
Fixed
3ac6db584d9d420267bb8413115707eeec76d9cf
Fixed
63d21a3aa0108b9dde4e99b0d3d5d679ac68c0f9
Fixed
a4b191ddc12c55ddb62feb096536f819f384d6f1
Fixed
f7cf8ece8cee3c1ee361991470cdb1eb65ab02e8

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46098.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46098.json"