CVE-2026-46109
EUVD-2026-3286828.05.2026, 10:16
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: fix memory leak on ulpi_register() error paths
Commit 01af542392b5 ("usb: ulpi: fix double free in
ulpi_register_interface() error path") removed kfree(ulpi) from
ulpi_register_interface() to fix a double-free when device_register()
fails.
But when ulpi_of_register() or ulpi_read_id() fail before
device_register() is called, the ulpi allocation is leaked.
Add kfree(ulpi) on both error paths to properly clean up the allocation.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.10.253 ≤ 𝑥 < 5.10.258 |
| linux | linux_kernel | 5.15.203 ≤ 𝑥 < 5.15.209 |
| linux | linux_kernel | 6.1.168 ≤ 𝑥 < 6.1.175 |
| linux | linux_kernel | 6.6.134 ≤ 𝑥 < 6.6.140 |
| linux | linux_kernel | 6.12.81 ≤ 𝑥 < 6.12.88 |
| linux | linux_kernel | 6.18.22 ≤ 𝑥 < 6.18.30 |
| linux | linux_kernel | 6.19.12 ≤ 𝑥 < 7.0 |
| linux | linux_kernel | 7.0.1 ≤ 𝑥 < 7.0.7 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0:rc7 |
| linux | linux_kernel | 7.1:rc1 |
| linux | linux_kernel | 7.1:rc2 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
Vulnerability Media Exposure
References