CVE-2026-46109

EUVD-2026-32868

28.05.2026, 10:16

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix memory leak on ulpi_register() error paths

Commit 01af542392b5 ("usb: ulpi: fix double free in
ulpi_register_interface() error path") removed kfree(ulpi) from
ulpi_register_interface() to fix a double-free when device_register()
fails.

But when ulpi_of_register() or ulpi_read_id() fail before
device_register() is called, the ulpi allocation is leaked.

Add kfree(ulpi) on both error paths to properly clean up the allocation.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	7.0.9-1 fixed
sid	7.0.10-1 fixed
trixie	vulnerable
trixie (security)	6.12.90-2 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2026-05-27T22:00:00+00:00

References

https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d

https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d

https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385

https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c

https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b