CVE-2026-46246

Source
https://cve.org/CVERecord?id=CVE-2026-46246
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46246.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46246
Published
2026-06-03T15:49:41.607Z
Modified
2026-06-18T03:54:50.710045704Z
Summary
power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler
Details

In the Linux kernel, the following vulnerability has been resolved:

power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler

Using the devm_ variant for requesting IRQ before the devm_ variant for allocating/registering the extcon handle means that the extcon handle will be deallocated/unregistered before the interrupt handler (since devm_ naturally deallocates in reverse allocation order). This means that during removal, there is a race condition where an interrupt can fire just after the extcon handle has been freed, but just before the corresponding unregistration of the IRQ handler has run.

This will lead to the IRQ handler calling extcon_set_state_sync() with a freed extcon handle, which usually crashes the system or otherwise silently corrupts the memory...

Fix this racy use-after-free by making sure the IRQ is requested after the registration of the extcon handle.
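
The teardown ordering described above, as an added example that is not part of the CVE record or the kernel source: a user-space C model of devm_ releasing resources in reverse registration order, with an interrupt arriving after each release step. The struct, the function names and the two-resource setup are assumptions made for illustration.

```c
/* User-space model of devm_ (devres) teardown order; illustration only, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model {
    bool extcon_valid;   /* extcon handle still allocated and registered */
    bool irq_armed;      /* IRQ handler still registered */
    int  stale_calls;    /* handler runs that touched a freed extcon */
};

typedef void (*release_fn)(struct model *);
static void release_extcon(struct model *m) { m->extcon_valid = false; }
static void release_irq(struct model *m)    { m->irq_armed = false; }

/* Models an interrupt arriving: the handler uses the extcon handle. */
static void fire_irq(struct model *m)
{
    if (m->irq_armed && !m->extcon_valid)
        m->stale_calls++;   /* kernel equivalent: extcon_set_state_sync() on a freed handle */
}

/* actions[] is in registration order; release runs in reverse (LIFO),
 * with an interrupt after every step to probe each possible race window. */
static int teardown(release_fn *actions, size_t n)
{
    struct model m = { .extcon_valid = true, .irq_armed = true, .stale_calls = 0 };
    while (n-- > 0) {
        actions[n](&m);
        fire_irq(&m);
    }
    return m.stale_calls;
}

int stale_calls_irq_first(void)      /* IRQ requested before extcon: the racy order */
{
    release_fn order[] = { release_irq, release_extcon };
    return teardown(order, 2);
}

int stale_calls_extcon_first(void)   /* extcon registered before IRQ: the fixed order */
{
    release_fn order[] = { release_extcon, release_irq };
    return teardown(order, 2);
}

int main(void)
{
    printf("irq first: %d stale handler call(s)\n", stale_calls_irq_first());
    printf("extcon first: %d stale handler call(s)\n", stale_calls_extcon_first());
    return 0;
}
```

The same review check applies to any probe function: every resource an interrupt handler dereferences has to be registered before the devm_ IRQ request, so that it is released after the handler is gone.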

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46246.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f8d7a3d21160a0cab4d15b81231f2a76b0fcee13
Fixed
9fab0120907e6965168e55b1e17cb9dfaf262b86
Fixed
47abfc207ab02cf1297257e282e8048da63f0d08
Fixed
48e0f68b50c344bb2d78d65dd98f93e41276ee00
Fixed
23067259919663580c6f81801847cfc7bd54fd1f

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46246.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46246.json"